This DNS over HTTP thing

Jay Ashworth jra at baylink.com
Thu Oct 3 18:32:36 UTC 2019


You might recommend that to me if running DNS tunnelled through another protocol was a thing I wanted to do. 

But it's not. I think it's horrible Internet engineering hygiene, and I don't just not want to do it myself, I don't think anybody else ought to do it either. 

And I think that if end-users understood all of the concerns, they would agree with me on that - I get paid to know what end users would think.

On October 3, 2019 10:28:37 AM EDT, Curtis Maurand <cmaurand at gmail.com> wrote:
>Might I suggest using PowerDNS's dnsdist.  It's an ha proxy that you can
>put in front of your recursors and it implements dns over https if you want
>it to.  It's open source and ensures that you're not limited to Google's
>or Cloudflare's servers which exist to drive advertising at you (I've seen
>infected ads pwn machines).  I have much more paranoid reasons for
>implementing, namely preventing 3rd parties from getting my histories.
>
>On Wed, Oct 2, 2019 at 5:28 PM Jay R. Ashworth <jra at baylink.com> wrote:
>
>> ----- Original Message -----
>> > From: "John Levine" <johnl at iecc.com>
>>
>> > In article <804699748.1254612.1570037049931.JavaMail.zimbra at baylink.com> you write:
>> >>Tools. Are. Neutral.
>> >>
>> >>Any solution to a problem that involves outlawing or breaking tools will.
>> >>Not. Solve. Your. Problem.
>> >
>> > I think in the outside world you'll find very little support for an argument
>> > that filtering DNS is fundamentally broken.
>> >
>> > Sure, you can do it in broken ways, but it's going to be really hard
>> > to persuade anyone that their lives are better if they have unfiltered
>> > access to the malware links in their spam.
>>
>> I expect I would.
>>
>> But this is not "filtering DNS".  It's "making a bodge-handed attempt to
>> REPLACE DNS (well, proxy it) for only one application/layer".
>>
>> My problem isn't what they're using it for; it's that they've implemented
>> it so poorly.
>>
>> I live down here in the trenches, John, where "it doesn't work" is the calibre
>> of problem reports I get.  When my tools say that "yes, it does", *I'm* the one
>> who takes it in the nads because Mozilla had a Better Fuckin' Idea.
>>
>> That it will likely cause lots of 50,000ft problems too is just a cherry on the
>> top.
>>
>> Cheers,
>> -- jra
>>
>> --
>> Jay R. Ashworth                  Baylink                       jra at baylink.com
>> Designer                     The Things I Think                       RFC 2100
>> Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
>> St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274
>>
>
>
>-- 
>--Curtis

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.