This DNS over HTTP thing

• Previous message (by thread): This DNS over HTTP thing
• Next message (by thread): This DNS over HTTP thing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 1, 2019 at 3:42 PM K. Scott Helms <kscott.helms at gmail.com> wrote:
>
> They almost have to change the default since there are (comparatively) very few DoH providers compared to DNS providers.

>From the link that Damian sent (emphasis mine):
"More concretely, the experiment in Chrome 78 will **check if the
user’s current DNS provider** is among a list of DoH-compatible
providers, and upgrade to the equivalent DoH service **from the same
provider**. If the DNS provider isn’t in the list, Chrome will
**continue to operate as it does today.**"

W


>
> On Tue, Oct 1, 2019, 2:40 PM Damian Menscher via NANOG <nanog at nanog.org> wrote:
>>
>> On Tue, Oct 1, 2019 at 12:24 PM Jay R. Ashworth <jra at baylink.com> wrote:
>>>
>>> ----- Original Message -----
>>> > From: "Stephane Bortzmeyer" <bortzmeyer at nic.fr>
>>> > To: "Jeroen Massar" <jeroen at massar.ch>
>>>
>>> >> While the 'connection to the recursor' is 'encrypted', the recursor
>>> >> is still in clear text... one just moves who can see what you are
>>> >> doing with this.
>>> >
>>> > As with any cryptographic protocol. Same thing with VPNs, SSH and
>>> > whatever: the remote end can see what you do. What's your point?
>>>
>>> I'm still assimilating this, but based on what I've read this half hour,
>>> his point is that "*it's none of Alphabet's damn business* where I go that
>>> isn't Google".
>>
>>
>> What's missing from this discussion are some basic facts, like "is Google going to change your DNS settings to 8.8.8.8?"
>>
>> The opening paragraph of https://blog.chromium.org/2019/09/experimenting-with-same-provider-dns.html reads:
>>
>> "This experiment will be done in collaboration with DNS providers who already support DoH, with the goal of improving our mutual users’ security and privacy by upgrading them to the DoH version of their current DNS service. With our approach, the DNS service used will not change, only the protocol will. As a result, existing content controls of your current DNS provider, including any existing protections for children, will remain active."
>>
>> Could someone provide a reference of Google saying they'll change the default nameserver?  Without that, I think all of Jeroen's arguments fall apart?
>>
>> Damian



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

• Previous message (by thread): This DNS over HTTP thing
• Next message (by thread): This DNS over HTTP thing
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]