On 11/16/19 8:38 AM, Jari Arkko wrote:
> https://tools.ietf.org/html/draft-arkko-abcd-distributed-resolver-selection-00

A colleague implemented the PSL approach for Knot Resolver recently, where the user picks the resolver set, but I'm skeptical about spreading-with-PSL significantly improving privacy. Still, it was less than one screen of code (+PSL dependency) and some people have asked for this, so why not.

Trusting one provider seems better to me (or two... for a fallback). If you can't trust any, you probably need a Tor-like approach to separate your address from your queries. (For now I'm leaving non-DNS leaks aside, e.g. SNI, sets of IPs usually determining the name uniquely, etc. For now I'd go for a full VPN if you trust a provider or Tor if you don't.)

Client-based splitting seems to be a worsening (!) as one of the privacy benefits is precisely the inter-mingling of queries from multiple clients and thus reduced ability to track the individuals.

--Vladimir
