This DNS over HTTP thing

Ca By cb.list6 at gmail.com
Wed Oct 2 21:58:48 UTC 2019


On Wed, Oct 2, 2019 at 1:54 PM John Levine <johnl at iecc.com> wrote:

> In article <804699748.1254612.1570037049931.JavaMail.zimbra at baylink.com>
> you write:
> >Tools. Are. Neutral.
> >
> >Any solution to a problem that involves outlawing or breaking tools will.
> >Not. Solve. Your. Problem.
>
> I think in the outside world you'll find very little support for an argument
> that filtering DNS is fundamentally broken.
>
> Sure, you can do it in broken ways, but it's going to be really hard
> to persuade anyone that their lives are better if they have unfiltered
> access to the malware links in their spam.
>
+1 that DNS tricks serve a real netops / secops purpose.

Also, Google and its paid friends Firefox and Cloudflare — while offering
service to the public, are not contractually liable to provide any
meaningful SLA to subscribers of DoH or DoT. Customer service at 8.8.8.8
is what?

That said, it is the ISP that takes the call $ when these “free” services
go down. And, Google and Cloudflare have gone down at large scale in recent
memory. That's all fine and dandy today for 1.1.1.1 and 8.8.8.8, since you
need to dig pretty deep in your network config to set it. The blast radius
is global for this type of default DNS. I know FF has said they want DoH
to be default, but Google have simply said “we’ll see” — which is a cause
for concern.

Finally, whenever it is free, YOU are the PRODUCT.