On Mon, Jan 18, 2021 at 04:27:20PM -0500, John Levine <[email protected]> wrote a message of 18 lines which said:
> They think DoH is swell, but not when it bypasses security controls
> and leaks info to random outside people

I will certainly do as the NSA says, since they are experts in privacy-related issues (and in random numbers since they call "random" the resolver that is configured in my browser) but, to add fuel to the fire, the people at JSOF who discovered the DNSpooq vulnerability just said the opposite:

https://www.zdnet.com/article/dnspooq-lets-attackers-poison-dns-cache-records/

"A good workaround would be to use DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT)," Oberman said. "Another option would be to statically configure a trusted DNS server, like Cloudflare or Google DNS servers, so that DNS requests are not handled by the home router and go directly to the [remote] DNS server."

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
