nanog mailing list archives
Re: This DNS over HTTP thing
From: Jay Ashworth <jra () baylink com>
Date: Thu, 03 Oct 2019 14:32:36 -0400
You might recommend that to me if running DNS tunnelled through another protocol was a thing I wanted to do.

But it's not. I think it's horrible Internet engineering hygiene, and I don't just not want to do it myself, I don't think anybody else ought to do it either.

And I think that if end-users understood all of the concerns, they would agree with me on that - I get paid to know what end users would think.

On October 3, 2019 10:28:37 AM EDT, Curtis Maurand <cmaurand () gmail com> wrote:
> Might I suggest using PowerDNS's dnsdist. It's an ha proxy that you can put in front of your recursors and it implements DNS over HTTPS if you want it to. It's open source and ensures that you're not limited to Google's or Cloudflare's servers which exist to drive advertising at you (I've seen infected ads pwn machines). I have much more paranoid reasons for implementing, namely preventing 3rd parties from getting my histories.
>
> On Wed, Oct 2, 2019 at 5:28 PM Jay R. Ashworth <jra () baylink com> wrote:
>
>> ----- Original Message -----
>> From: "John Levine" <johnl () iecc com>
>>
>>> In article <804699748.1254612.1570037049931.JavaMail.zimbra () baylink com> you write:
>>>> Tools. Are. Neutral.
>>>>
>>>> Any solution to a problem that involves outlawing or breaking tools will. Not. Solve. Your. Problem.
>>>
>>> I think in the outside world you'll find very little support for an argument that filtering DNS is fundamentally broken.
>>>
>>> Sure, you can do it in broken ways, but it's going to be really hard to persuade anyone that their lives are better if they have unfiltered access to the malware links in their spam.
>>
>> I expect I would.
>>
>> But this is not "filtering DNS".
>>
>> It's "making a bodge-handed attempt to REPLACE DNS (well, proxy it) for only one application/layer".
>>
>> My problem isn't what they're using it for; it's that they've implemented it so poorly.
>>
>> I live down here in the trenches, John, where "it doesn't work" is the calibre of problem reports I get. When my tools say that "yes, it does", *I'm* the one who takes it in the nads because Mozilla had a Better Fuckin' Idea.
>>
>> That it will likely cause lots of 50,000ft problems too is just a cherry on the top.
>>
>> Cheers,
>> -- jra
>> --
>> Jay R. Ashworth         Baylink                      jra () baylink com
>> Designer                The Things I Think           RFC2100
>> Ashworth & Associates   http://www.bcp38.info        2000 Land Rover DII
>> St Petersburg FL USA    BCP38: Ask For It By Name!   +1 7276471274
>
> --
> --Curtis

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.