nanog mailing list archives
Re: This DNS over HTTP thing
From: Ca By <cb.list6 () gmail com>
Date: Wed, 2 Oct 2019 14:58:48 -0700
On Wed, Oct 2, 2019 at 1:54 PM John Levine <johnl () iecc com> wrote:
In article <804699748.1254612.1570037049931.JavaMail.zimbra () baylink com> you write:Tools. Are. Neutral. Any solution to a problem that involves outlawing or breaking tools will. Not. Solve. Your. Problem.I think in the outside world you'll find very little support for an argument that filtering DNS is fundamentally broken. Sure, you can do it in broken ways, but it's going to be really hard to persuade anyone that their lives are better if they have unfiltered access to the malware links in their spam. +1 that dns tricks serve a real netops / secops purpose.
Also, google and its paid friends Firefox and Cloudflare — while offering service to the public, are not contractually liable to provide any meaningful SLA to subscribers of DoH or DoT. Customer service at 8.8.8.8 is what? That said, it is the ISP that takes the call $ when these “free” services go down. And, google and Cloudflare have gone down at large scale in recent memory. Thats all fine and dandy today for 1.1.1.1 and 8.8.8.8, since you need to dig pretty deep in your network config to set it. The blast radius is global for this type of default dns. I know FF has said they want DoH to be default, but Google have simply said “we’ll see” — which is a cause for concern. Finally, whenever it is free, YOU are the PRODUCT.
Current thread:
- Re: This DNS over HTTP thing, (continued)
- Re: This DNS over HTTP thing John R. Levine (Oct 01)
- Re: This DNS over HTTP thing bzs (Oct 01)
- RE: This DNS over HTTP thing Matthew Huff (Oct 02)
- Re: This DNS over HTTP thing Livingood, Jason (Oct 02)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 02)
- Re: This DNS over HTTP thing John Levine (Oct 02)
- Re: This DNS over HTTP thing Jay R. Ashworth (Oct 02)
- Re: This DNS over HTTP thing Curtis Maurand (Oct 03)
- Re: This DNS over HTTP thing Curtis Maurand (Oct 03)
- Re: This DNS over HTTP thing Jay Ashworth (Oct 03)
- Re: This DNS over HTTP thing Ca By (Oct 02)
- RE: This DNS over HTTP thing Keith Medcalf (Oct 02)
- Re: This DNS over HTTP thing John Levine (Oct 02)
- Re: This DNS over HTTP thing Masataka Ohta (Oct 02)
- Re: This DNS over HTTP thing Tom Hill (Oct 03)
- Re: This DNS over HTTP thing Masataka Ohta (Oct 03)
- Re: This DNS over HTTP thing Tom Hill (Oct 03)
- Re: This DNS over HTTP thing Masataka Ohta (Oct 03)
- Re: This DNS over HTTP thing Tom Hill (Oct 03)
- Re: This DNS over HTTP thing Aaron C. de Bruyn via NANOG (Oct 02)
- Re: This DNS over HTTP thing John R. Levine (Oct 03)