> On 19 Dec 2019, at 04:05, Rob Sayre <say...@gmail.com> wrote:
>
> On Wed, Dec 18, 2019 at 6:10 PM Eric Rescorla <e...@rtfm.com> wrote:
>
> > “It has been pointed out that should the trend towards using large public
> > resolvers increase, an increased centralisation of DNS resolution services
> > will result.”
> >
> > Well, it's been pointed out, but it's not at all clear that it's true, due to
> > the large amount of centralization of ISPs in certain areas, so no, I don't
> > think this document should make this claim.

Agree.

> > An increasing number of applications are offering application-specific
> > encrypted DNS resolution settings, rather than defaulting to using only the
> > system resolver. Due to a lack of a standardized discovery mechanism for DoH
> > and Strict DoT servers, applications that do so are currently limited to
> > using hard coded lists of resolvers and a variety of heuristics and resolvers
> > are available in different applications. At the time of writing, efforts to
> > provide standardized signalling mechanisms for applications to also discover
> > the services offered by local resolvers are in progress
> > [I-D.ietf-dnsop-resolver-information]. Note that an increasing number of
> > ISPs are deploying encrypted DNS, for example see the Encrypted DNS
> > Deployment Initiative [EDDI].
> >
> > I'm not sure what the point of this text is, but it seems kind of confusing.
> > In particular, it's not the case that the primary reason that Firefox uses a
> > hardcoded list is because there is no standardized discovery mechanism.
>
> The text also relates discovery to encryption. That seems odd. Is it the case
> that some parties didn't mind which DNS server was used, as long as the
> traffic was unencrypted?
>
> > Everything after this just seems to pre-empt discussions that are ongoing and
> > haven't reached consensus.
> >
> > Application-specific changes to default destinations for users' DNS queries
> > might increase or decrease user privacy - it is highly dependent on the
> > network context and the application-specific default. This is an area of
> > active debate.
> >
> > In order that users are aware of and can control such changes it is highly
> > desirable that applications
>
> Is it "highly desirable", though?
>
> > * communicate clearly the change in default to users
>
> Not clearly true, since the status quo is often not clearly communicated.
>
> > * provide configuration options to change the default
>
> Doesn't seem like that is always desirable. Some routers and networks don't
> offer configuration options, but that doesn't mean they should be obeyed.
> It's complicated.

For both the above points please see the response to Ekr.

> > * provide configuration options to always use the network provided resolver
>
> "network provided resolver" is not well-defined.

Suggest “DHCP-provided resolver” which is used earlier in the section.

Sara.
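The three bullets under discussion (communicate a changed default, let the user change it back, and let the user pin the DHCP-provided resolver) are easy to state and easy to get wrong in an application. As an added example, not code from this thread, from the draft, or from any browser, the Python sketch below reads the nameservers a DHCP client wrote into a resolv.conf-style file, applies a small settings object, and returns both the resolver to use and the notice shown to the user when the default is changed. The resolv.conf text and the bundled resolver list are constructed placeholders (documentation addresses and names), standing in for the "hard coded lists" the draft text mentions.

```python
"""Resolver-selection policy sketch for an application that can use DoH/DoT.

Added example; not code from the dns-privacy thread or any IETF draft.
It models three user-facing requirements: a changed default is communicated,
it can be switched off in configuration, and one setting forces the
DHCP-provided (network) resolver. All sample data below is constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed stand-in for /etc/resolv.conf as written by a DHCP client.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client (constructed sample)
search example.test
nameserver 192.0.2.53
nameserver 2001:db8::53
options timeout:2
"""

# Constructed, application-bundled list of encrypted resolvers. The names are
# documentation hostnames, not real services.
BUNDLED_ENCRYPTED_RESOLVERS = [
    {"name": "doh-a", "url": "https://doh-a.example.net/dns-query", "proto": "DoH"},
    {"name": "dot-b", "host": "dot-b.example.net", "port": 853, "proto": "DoT"},
]


@dataclass
class ResolverSettings:
    encrypted_dns_enabled: bool = True         # the application default; user can change it
    always_use_network_resolver: bool = False  # pins the DHCP-provided resolver
    preferred_resolver: Optional[str] = None   # a name from the bundled list


@dataclass
class ResolverDecision:
    mode: str                      # "network" or "encrypted-bundled"
    servers: List[str]
    user_notice: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf-style text.

    Comments (# or ;) and other directives (search, options) are ignored.
    """
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def choose_resolver(settings: ResolverSettings, resolv_conf_text: str) -> ResolverDecision:
    """Pick the resolver according to the user's settings and say why."""
    network = parse_resolv_conf(resolv_conf_text)

    # Either setting keeps DNS on the DHCP-provided resolver; no notice is needed
    # because the default has not been changed away from the network.
    if settings.always_use_network_resolver or not settings.encrypted_dns_enabled:
        reason = ("user pinned the network resolver" if settings.always_use_network_resolver
                  else "encrypted DNS disabled in settings")
        return ResolverDecision("network", network, None, [reason])

    candidates = BUNDLED_ENCRYPTED_RESOLVERS
    if settings.preferred_resolver:
        matching = [r for r in candidates if r["name"] == settings.preferred_resolver]
        candidates = matching or candidates   # fall back to the list order if unknown
    chosen = candidates[0]
    endpoint = chosen.get("url") or f"{chosen['host']}:{chosen['port']}"

    # The change of default is spelled out, with both ways to undo it.
    notice = (f"DNS queries will be sent to {chosen['name']} ({chosen['proto']}, {endpoint}) "
              f"instead of the network-provided resolver(s): {', '.join(network) or 'none found'}. "
              "You can change the default in settings or choose 'always use the network resolver'.")
    return ResolverDecision("encrypted-bundled", [endpoint], notice,
                            ["application default differs from the network resolver"])


if __name__ == "__main__":
    for s in (ResolverSettings(), ResolverSettings(always_use_network_resolver=True)):
        d = choose_resolver(s, SAMPLE_RESOLV_CONF)
        print(d.mode, d.servers, d.reasons)
        if d.user_notice:
            print("  notice:", d.user_notice)
```

The decision object carries the reason alongside the server list so the application can log why a given resolver was chosen; that record is what a user or an operator needs when a query goes somewhere other than the DHCP-provided resolver.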
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy