This DNS over HTTP thing
Curtis Maurand
cmaurand at gmail.com
Thu Oct 3 14:28:37 UTC 2019
Might I suggest using PowerDNS's dinsdist. it's an ha proxy that you can
put in front of your recursors and It implements dns over https if you want
it to. It's open sources and ensures that you're not limited to Google's
or Cloudflare's servers which exist to drive advertising at you (I've seen
infected ads pwn machines). I have much more paranoid reasons for
implementing, namely preventing 3rd parties from getting my histories.
On Wed, Oct 2, 2019 at 5:28 PM Jay R. Ashworth <jra at baylink.com> wrote:
> ----- Original Message -----
> > From: "John Levine" <johnl at iecc.com>
>
> > In article <804699748.1254612.1570037049931.JavaMail.zimbra at baylink.com>
> you
> > write:
> >>Tools. Are. Neutral.
> >>
> >>Any solution to a problem that involves outlawing or breaking tools will.
> >>Not. Solve. Your. Problem.
> >
> > I think in the outside world you'll find very little support for an
> argument
> > that filtering DNS is fundamentally broken.
> >
> > Sure, you can do it in broken ways, but it's going to be really hard
> > to persuade anyone that their lives are better if they have unfiltered
> > access to the malware links in their spam.
>
> I expect I would.
>
> But this is not "filtering DNS". It's "making a bodge-handed attempt to
> REPLACE DNS (well, proxy it) for only one application/layer".
>
> My problem isn't what they're using it for; it's that they've implemented
> it so poorly.
>
> I live down here in the trenches, John, where "it doesn't work" is the
> calibre
> of problem reports I get. When my tools say that "yes, it does", *I'm*
> the one
> who takes it in the nads because Mozilla had a Better Fuckin' Idea.
>
> That it will likely cause lots of 50,000ft problems to is just a cherry on
> the
> top.
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth Baylink
> jra at baylink.com
> Designer The Things I Think RFC
> 2100
> Ashworth & Associates http://www.bcp38.info 2000 Land
> Rover DII
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647
> 1274
>
--
--Curtis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191003/c8801e00/attachment.html>
More information about the NANOG
mailing list