nanog mailing list archives

Re: This DNS over HTTP thing


From: Fred Baker <fredbaker.ietf () gmail com>
Date: Mon, 30 Sep 2019 23:46:04 -0400

On Sep 30, 2019, at 10:25 PM, Jay R. Ashworth <jra () baylink com> wrote:
> Is there an official name for it I should be searching for?

The IETF calls it "DoH", pronounced like "Dough". https://datatracker.ietf.org/wg/doh/about/

There are a number of such services from Google, Amazon, and others. Firefox and Chrome now reportedly use it unless 
you tell them not to. It is also in use by at least one botnet, per reports.

https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
https://www.zdnet.com/article/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol/
https://www.bleepingcomputer.com/news/security/psixbot-modular-malware-gets-new-sextortion-google-doh-upgrades/

One thing that bothers me about the Google implementation is that they apparently download the IANA zone and, in 
effect, operate as an informal root server. Not that I am protective of the root per se, but the root operators operate 
by an ethos described in RSSAC001 
(https://www.icann.org/en/system/files/files/rssac-001-root-service-expectations-04dec15-en.pdf). If Google wants to 
promote itself into those ranks, I would expect it to shoulder the ethos and responsibility implied. The articles I 
pointed to above would suggest that it does not.