This DNS over HTTP thing
Damian Menscher
damian at google.com
Tue Oct 1 19:38:10 UTC 2019
On Tue, Oct 1, 2019 at 12:24 PM Jay R. Ashworth <jra at baylink.com> wrote:
> ----- Original Message -----
> > From: "Stephane Bortzmeyer" <bortzmeyer at nic.fr>
> > To: "Jeroen Massar" <jeroen at massar.ch>
>
> >> While the 'connection to the recursor' is 'encrypted', the recursor
> >> is still in clear text... one just moves who can see what you are
> >> doing with this.
> >
> > As with any cryptographic protocol. Same thing with VPNs, SSH and
> > whatever: the remote end can see what you do. What's your point?
>
> I'm still assimilating this, but based on what I've read this half hour,
> his point is that "*it's none of Alphabet's damn business* where I go that
> isn't Google".
>
What's missing from this discussion are some basic facts, like "is Google
going to change your DNS settings to 8.8.8.8?"
The opening paragraph of
https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html
reads:
"This experiment will be done in collaboration with DNS providers who
already support DoH, with the goal of improving our mutual users’ security
and privacy by upgrading them to the DoH version of their current DNS
service. With our approach, the DNS service used will not change, only the
protocol will. As a result, existing content controls of your current DNS
provider, including any existing protections for children, will remain
active."
Could someone provide a reference of Google saying they'll change the
default nameserver? Without that, I think all of Jeroen's arguments fall
apart?
Damian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191001/0b9694b3/attachment.html>
More information about the NANOG
mailing list