Geoff Huston has an interesting article about the subject which is worth a read:
https://blog.apnic.net/2018/10/12/doh-dns-over-https-explained/

> On 2020/Jan/14, at 4:01 pm, Christian Heinrich <[email protected]> wrote:
>
> David,
>
> On Tue, 14 Jan 2020 at 10:08, David <[email protected]> wrote:
>>
>> Does anyone know anything about this? There are many DOH servers around the
>> world, for example <doh.securedns.eu> so DOH isn't new, and there's also
>> DNS-over-TLS which seems more elegant.

DOT may be more elegant, but in some countries, possibly ours, people monitoring the network would be able to block your DNS queries. DOH makes that harder to do. Ultimately DNS itself is not elegant or secure.

>> Do the spooks have a hand in all this?

Interference in DNS by governments and monitoring by ISPs set this off. In our country, I would expect that it is part of the metadata that ISPs are supposed to store for government departments and possibly even local councils to peruse. ISPs can also sell this data.

Many people don't trust local ISP DNS servers for a number of reasons. They already use remote DNS servers. That traffic is in the clear and subject to monitoring and interference. If you are already using a remote DNS server, DOH makes the traffic unreadable and not subject to alteration.

> Paul Vixie recommends Quad9 i.e.
> https://www.cyberscoop.com/quad9-dns-service-global-cyber-alliance/
>
> He stopped using Mozilla/Firefox as a result of DOH i.e.
> https://twitter.com/paulvixie/status/1198013742493028353

Mozilla just moved first on this. Operating systems have been dragging their feet on this issue.

--
Kim Holburn  IT Network & Security Consultant  T: +61 2 61402408  M: +61 404072753
mailto:[email protected]  aim://kimholburn  skype://kholburn - PGP Public Key on request

_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
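The point made above, that a network monitor can block DoT but has a harder time singling out DoH, comes down to what is visible on the wire. The following is an added example, not code from the thread or from any of the people quoted in it: it classifies constructed flow records the way a port-and-SNI based monitor would, showing that plain DNS (port 53) and DNS-over-TLS (TCP 853, RFC 7858) are identifiable from the port alone, while DNS-over-HTTPS (RFC 8484) on TCP 443 is only attributable when the destination matches a resolver the operator already knows about. The flow records and the resolver allowlist are constructed for illustration; doh.securedns.eu is the one resolver the thread itself names, the other hostnames are assumptions.

```python
"""Added example: how a network monitor sees the three DNS transports
discussed in the thread. Plain DNS (port 53) and DNS-over-TLS (TCP 853,
RFC 7858) are identifiable from the port alone; DNS-over-HTTPS (RFC 8484)
shares TCP 443 with ordinary web traffic and is only attributable when the
destination matches a resolver the operator already knows about.

The flow records and the resolver allowlist below are constructed for
illustration; they are not taken from the mailing-list thread.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed allowlist (assumption: an operator maintains this from resolver
# documentation; doh.securedns.eu is the one host the thread itself names).
KNOWN_DOH_HOSTS = frozenset({
    "doh.securedns.eu",
    "dns.quad9.net",
    "mozilla.cloudflare-dns.com",
})


@dataclass(frozen=True)
class Flow:
    proto: str            # "udp" or "tcp"
    dst_port: int
    sni: Optional[str]    # TLS server name, if the monitor could extract one
    nbytes: int


def classify(flow: Flow) -> str:
    """Label one flow the way a port-and-SNI based monitor would."""
    if flow.dst_port == 53:
        # Query names and answers are readable and can be rewritten in transit.
        return "dns-plaintext"
    if flow.proto == "tcp" and flow.dst_port == 853:
        # Payload is encrypted, but the dedicated port identifies it as DNS,
        # so a monitor can recognise it without reading a single query.
        return "dns-over-tls"
    if flow.proto == "tcp" and flow.dst_port == 443:
        if flow.sni in KNOWN_DOH_HOSTS:
            # Attributable only because the destination is a known resolver.
            return "dns-over-https"
        # No SNI, or an unknown host: looks like any other HTTPS session.
        return "https-unclassified"
    return "other"


def summarize(flows: Iterable[Flow]) -> Counter:
    """Count flows per label; this is what a monitoring dashboard would show."""
    return Counter(classify(f) for f in flows)


def identifiable_by_port(flows: Iterable[Flow]) -> int:
    """How many DNS-carrying flows a port-only policy can pick out."""
    return sum(1 for f in flows
               if classify(f) in ("dns-plaintext", "dns-over-tls"))


# Constructed sample: one host using each transport, plus ordinary web traffic.
SAMPLE_FLOWS = [
    Flow("udp", 53, None, 87),
    Flow("udp", 53, None, 91),
    Flow("tcp", 853, "dns.quad9.net", 1420),
    Flow("tcp", 443, "doh.securedns.eu", 2210),
    Flow("tcp", 443, "www.example.com", 48211),
    Flow("tcp", 443, None, 1999),   # SNI not visible (e.g. encrypted ClientHello)
]

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{label:20s} {n}")
    print("identifiable by port alone:", identifiable_by_port(SAMPLE_FLOWS))
```

The last sample flow is the visibility gap the thread is describing: once the SNI is absent or the resolver is not on the operator's list, a DoH session falls into the same bucket as every other HTTPS connection, which is exactly why a port-based policy that stops DoT has nothing to act on for DoH.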
