Re: This DNS over HTTP thing

2019-10-07 Thread David Conrad
On Oct 7, 2019, at 10:45 AM, Jim wrote: > My suggestion would be ultimately that DNS Clients implement DNSSEC > validation themselves to avoid tampering by a malicious client on their network > for phishing purposes or a malicious recursive DNS Resolver server Yep. That is (IMHO) the right (only)

RE: This DNS over HTTP thing

2019-10-07 Thread Kevin McCormick
they would be broken as they would be getting a non-working external address for a local server. Thank you, Kevin McCormick -Original Message- From: Jim Sent: Monday, October 7, 2019 12:45 PM To: Kevin McCormick Cc: Brandon Martin ; nanog@nanog.org Subject: Re: This DNS over HTTP thing

Re: This DNS over HTTP thing

2019-10-07 Thread Jim
On Mon, Oct 7, 2019 at 11:44 AM Kevin McCormick wrote: > > If the DNS request comes from an IP matching a CIDR network address in the > ULS record, then the server would respond with an error message telling the > application to use the configured local DNS server. All of this is ultimately

RE: This DNS over HTTP thing

2019-10-07 Thread Kevin McCormick
: Re: This DNS over HTTP thing On 9/30/19 10:25 PM, Jay R. Ashworth wrote: > Is there an official name for it I should be searching for? Aside from "DoH" (smacks Homer's head), you might find searching for the Mozilla (et. al.) "canary domain" useful. It's use-applica

Re: This DNS over HTTP thing

2019-10-03 Thread Jay R. Ashworth
- Original Message - > From: "Niels Bakker" > * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 23:21 CEST]: >>- Original Message - >>> From: "Niels Bakker" >> >>> * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 19:30 CEST]: > From: "Livingood, Jason" > What

Re: This DNS over HTTP thing

2019-10-03 Thread Jay Ashworth
You might recommend that to me if running DNS tunnelled through another protocol was a thing I wanted to do. But it's not. I think it's horrible Internet engineering hygiene, and I don't just not want to do it myself, I don't think anybody else ought to do it either. And I think that if

Re: This DNS over HTTP thing

2019-10-03 Thread Curtis Maurand
Might I suggest using PowerDNS's dnsdist. It's an HA proxy that you can put in front of your recursors and it implements DNS over HTTPS if you want it to. It's open source and ensures that you're not limited to Google's or Cloudflare's servers which exist to drive advertising at you (I've seen

Re: This DNS over HTTP thing

2019-10-03 Thread Curtis Maurand
PowerDNS has an HA proxy/load balancer that does DNS over HTTPS. That way you're not limited to Google's and Cloudflare's DNS servers which exist to drive advertising to you and give a single source for tracking. DNS over HTTPS: feh On Wed, Oct 2, 2019 at 5:28 PM Jay R. Ashworth wrote: >

Re: This DNS over HTTP thing

2019-10-03 Thread John R. Levine
Yes, obviously they are trying multiple levers--but who gets to draw the line, where are they going to draw it, and why do they get to decide for me? What prevents an absurd 'solution' like "We can not only stop child molestation, but rape in general if we just castrate everyone" from being one

Re: This DNS over HTTP thing

2019-10-03 Thread Tom Hill
On 03/10/2019 13:36, Masataka Ohta wrote: >> It also aids the normalisation of an entirely detestable practice. > > IWF does not aid so. No, the normalisation of an entirely detestable practice comes from the opposite of IWF involvement; you suggested that we should permit child pornography

Re: This DNS over HTTP thing

2019-10-03 Thread Masataka Ohta
Tom Hill wrote: Sure, but the IWF was always intended to stop people accessing paedophilia accidentally. Then, though you wrote: > It also aids the normalisation of an entirely detestable practice. IWF does not aid so. look as if you were suggesting that in the UK we are very successful

Re: This DNS over HTTP thing

2019-10-03 Thread Tom Hill
On 03/10/2019 12:11, Masataka Ohta wrote: >> Sources, please. (Disclaimer: I'm in the UK.) > > John Levine already mentioned "Internet Watch Foundation". Sure, but the IWF was always intended to stop people accessing paedophilia accidentally. It has always been well understood for there to be

Re: This DNS over HTTP thing

2019-10-03 Thread Masataka Ohta
Tom Hill wrote: The Internet was working very well to suppress child porn by making video freely distributed, which made child porn industry a lot less profitable. I will say this very clearly: abusing children for sexual gratification doesn't stop when it is unprofitable. Sorry that the

Re: This DNS over HTTP thing

2019-10-03 Thread Tom Hill
On 02/10/2019 21:44, Masataka Ohta wrote: > The Internet was working very well to suppress child porn by > making video freely distributed, which made child porn industry > a lot less profitable. I will say this very clearly: abusing children for sexual gratification doesn't stop when it is

Re: This DNS over HTTP thing

2019-10-03 Thread Niels Bakker
* j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 23:21 CEST]: - Original Message - From: "Niels Bakker" To: nanog@nanog.org Sent: Wednesday, October 2, 2019 1:42:08 PM Subject: Re: This DNS over HTTP thing * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019,

Re: This DNS over HTTP thing

2019-10-02 Thread Aaron C. de Bruyn via NANOG
On Wed, Oct 2, 2019 at 9:13 AM Livingood, Jason wrote: > The challenge of course is that in the absence of a silver bullet > solution, that people working to combat all forms of child exploitation are > simultaneously trying several things, ranging from going to the source as > you suggest and

Re: This DNS over HTTP thing

2019-10-02 Thread John Levine
In article <6533015105f2d548812b4a445275b...@mail.dessus.com> you write: >Having unfiltered access to the malware installed by links in spam is a >self-limiting problem. Remove the DNS blocks and in >rather short order the problem will go away as all the idiots click their way >to oblivion. It

RE: This DNS over HTTP thing

2019-10-02 Thread Keith Medcalf
On Wednesday, 2 October, 2019 15:21, Jay R. Ashworth wrote: >>>HTTP/451 >> >> Completely different protocol than what the rest of this thread is >> about, much more invasive wrt possibility of logging, and requires >> a lot more infrastructure and actual lying in DNS to make work. > >Closed

RE: This DNS over HTTP thing

2019-10-02 Thread Keith Medcalf
On Wednesday, 2 October, 2019 14:52, John Levine wrote: >I think in the outside world you'll find very little support for an >argument that filtering DNS is fundamentally broken. Well, it is certainly trivial to bypass. Therefore it is a fantastic tool for tyrants and other fuckwads --

RE: This DNS over HTTP thing

2019-10-02 Thread Keith Medcalf
On Wednesday, 2 October, 2019 10:55, Sabri Berisha wrote: >> Firefox and Chrome now reportedly use it unless you tell them not to. >Just imagine how this list would explode if BGP implementations would all >of a sudden have their default behavior changed to include auto- >negotiated MD5

RE: This DNS over HTTP thing

2019-10-02 Thread Keith Medcalf
On Wednesday, 2 October, 2019 03:55, Tom Ivar Helbekkmo wrote: >However: because the browser cannot know for sure that the DNS traffic >is being routed over a secure channel, and browsers are being used for >all sorts of sensitive communication, it could check, and try to assist >the user.

Re: This DNS over HTTP thing

2019-10-02 Thread Ca By
On Wed, Oct 2, 2019 at 1:54 PM John Levine wrote: > In article <804699748.1254612.1570037049931.javamail.zim...@baylink.com> > you write: > >Tools. Are. Neutral. > > > >Any solution to a problem that involves outlawing or breaking tools will. > >Not. Solve. Your. Problem. > > I think in the

Re: This DNS over HTTP thing

2019-10-02 Thread Jay R. Ashworth
- Original Message - > From: "John Levine" > In article <804699748.1254612.1570037049931.javamail.zim...@baylink.com> you > write: >>Tools. Are. Neutral. >> >>Any solution to a problem that involves outlawing or breaking tools will. >>Not. Solve. Your. Problem. > > I think in the

Re: This DNS over HTTP thing

2019-10-02 Thread Jay R. Ashworth
- Original Message - > From: "Niels Bakker" > To: nanog@nanog.org > Sent: Wednesday, October 2, 2019 1:42:08 PM > Subject: Re: This DNS over HTTP thing > * j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 19:30 CEST]: >>> From: "Livingoo

Re: This DNS over HTTP thing

2019-10-02 Thread John Levine
In article <804699748.1254612.1570037049931.javamail.zim...@baylink.com> you write: >Tools. Are. Neutral. > >Any solution to a problem that involves outlawing or breaking tools will. >Not. Solve. Your. Problem. I think in the outside world you'll find very little support for an argument that

Re: This DNS over HTTP thing

2019-10-02 Thread Masataka Ohta
Livingood, Jason wrote: The challenge of course is that in the absence of a silver bullet solution, that people working to combat all forms of childsorship exploitation are simultaneously trying several things, ranging from going to the source as you suggest and arresting people, to trying to

Re: This DNS over HTTP thing

2019-10-02 Thread Alain Hebert
Well, 1 thing for sure. An application bypassing the OS and auto deciding where to resolve an address will break our DNS views for private versus public resolution of the same hostname. I see fun times to be had in the Security world... At least make it optional, not enabled by

Re: This DNS over HTTP thing

2019-10-02 Thread Niels Bakker
* j...@baylink.com (Jay R. Ashworth) [Wed 02 Oct 2019, 19:30 CEST]: From: "Livingood, Jason" What many people dismiss as 'lying' would be typically described as 'complying with the law' in certain countries. It is unfortunate that operators in countries with legally-mandated DNS blocks are

Re: This DNS over HTTP thing

2019-10-02 Thread Jay R. Ashworth
- Original Message - > From: "Livingood, Jason" > On 10/1/19, 3:44 AM, "NANOG on behalf of Stephane Bortzmeyer" > wrote: >> Note that the UK is probably the country in Europe with the biggest >use of lying DNS resolvers for censorship. > > What many people dismiss as 'lying' would

Re: This DNS over HTTP thing

2019-10-02 Thread Jay R. Ashworth
- Original Message - > From: "Livingood, Jason" > The challenge of course is that in the absence of a silver bullet solution, > that > people working to combat all forms of child exploitation are simultaneously > trying several things, ranging from going to the source as you suggest and

Re: This DNS over HTTP thing

2019-10-02 Thread John Levine
In article <146431.1569964368@turing-police> you write: >-=-=-=-=-=- > >On Tue, 01 Oct 2019 16:24:30 -0400, Warren Kumari said: > >> "More concretely, the experiment in Chrome 78 will **check if the >> user’s current DNS provider** is among a list of DoH-compatible >> providers, and upgrade to the

Re: This DNS over HTTP thing

2019-10-02 Thread Sabri Berisha
- On Sep 30, 2019, at 8:46 PM, Fred Baker fredbaker.i...@gmail.com wrote: > Firefox and Chrome now reportedly use it unless you tell them not to. Just imagine how this list would explode if BGP implementations would all of a sudden have their default behavior changed to include

Re: This DNS over HTTP thing

2019-10-02 Thread Tom Ivar Helbekkmo via NANOG
Damian Menscher via NANOG writes: > "This experiment will be done in collaboration with DNS providers who > already support DoH, with the goal of improving our mutual users’ > security and privacy by upgrading them to the DoH version of their > current DNS service. With our approach, the DNS

Re: This DNS over HTTP thing

2019-10-02 Thread Jan Philippi
The thing is: People were conditioned for years to look for the padlock, because padlock means secure. How will we ever get this out of their minds.. Jan SMTP: j...@philippi.pw XMPP: j...@himbeere.pw GPG: 45F3 2DF0 4D55 C4B4 2083 14C5 5727 D54F *E4E2 2A3C* Am 02.10.19 um 11:45 schrieb Valdis

Re: This DNS over HTTP thing

2019-10-02 Thread Livingood, Jason
and the authorities are no match.” JL From: NANOG on behalf of "Aaron C. de Bruyn via NANOG" Reply-To: "Aaron C. de Bruyn" Date: Tuesday, October 1, 2019 at 2:53 PM To: John Levine Cc: NANOG mailing list Subject: Re: This DNS over HTTP thing "For the childr

Re: This DNS over HTTP thing

2019-10-02 Thread Livingood, Jason
On 10/1/19, 3:44 AM, "NANOG on behalf of Stephane Bortzmeyer" wrote: > Note that the UK is probably the country in Europe with the biggest use of lying DNS resolvers for censorship. What many people dismiss as 'lying' would be typically described as 'complying with the law' in certain

Re: This DNS over HTTP thing

2019-10-02 Thread Niels Bakker
* nanog@nanog.org (Damian Menscher via NANOG) [Tue 01 Oct 2019, 23:04 CEST]: Should be obvious to non-trolls that I was referring to Google changing the default nameserver *in Chrome*, as obviously Google doesn't have root access to change it on the host. Funny because just last week there

RE: This DNS over HTTP thing

2019-10-02 Thread Matthew Huff
method to "bypass" normal network operations creates headaches for us. -Original Message- From: NANOG On Behalf Of John R. Levine Sent: Tuesday, October 1, 2019 4:06 PM To: Aaron C. de Bruyn Cc: NANOG mailing list Subject: Re: This DNS over HTTP thing I assumed my point was obvious

Re: This DNS over HTTP thing

2019-10-02 Thread Matt Palmer
On Wed, Oct 02, 2019 at 05:45:57AM -0400, Valdis Klētnieks wrote: > On Wed, 02 Oct 2019 01:55:13 -0600, "Keith Medcalf" said: > > It is a common fallacy that TLS connections are authenticated. The vast > > majority of them are not authenticated in any meaningful fashion and all > > that > > can

Re: This DNS over HTTP thing

2019-10-02 Thread Valdis Klētnieks
On Wed, 02 Oct 2019 01:55:13 -0600, "Keith Medcalf" said: > It is a common fallacy that TLS connections are authenticated. The vast > majority of them are not authenticated in any meaningful fashion and all that > can be said about TLS is that it provides an encrypted connection between the >

RE: This DNS over HTTP thing

2019-10-02 Thread Keith Medcalf
On Tuesday, 1 October, 2019 22:15, David Conrad wrote: >DoH (and DoT) encrypt (and authenticate) the application <-> recursive >resolver channel (NOT the DNS data) which I gather some view as an attack >vector. Actually no. DoH and DoT encrypt the application <-> recursive resolver

Re: This DNS over HTTP thing

2019-10-01 Thread David Conrad
Jay, On Oct 1, 2019, at 12:18 PM, Jay R. Ashworth wrote: > This is thought to be about security? > > Didn't we already *fix* DNS SECurity? No. DNSSEC solves a different problem (being able to verify what you get is what the domain owner published). DoH (and DoT) encrypt (and authenticate)

Re: This DNS over HTTP thing

2019-10-01 Thread Frank Habicht
Hi, On 01/10/2019 23:24, Warren Kumari wrote: > On Tue, Oct 1, 2019 at 3:42 PM K. Scott Helms wrote: >> >> They almost have to change the default since there are (comparatively) very >> few DoH providers compared to DNS providers. > > From the link that Damian sent (emphasis mine): > "More

Re: This DNS over HTTP thing

2019-10-01 Thread bzs
Everyone (who's anyone) is looking for free curation of the net! Maybe one more law or regulation will do it. Look at how well it stomped out spam! Put more grimly: For over 100 years Europe, and others, have imagined the path to paradise is paved with new and improved censorship. Results

Re: This DNS over HTTP thing

2019-10-01 Thread Valdis Klētnieks
On Tue, 01 Oct 2019 16:24:30 -0400, Warren Kumari said: > "More concretely, the experiment in Chrome 78 will **check if the > user’s current DNS provider** is among a list of DoH-compatible > providers, and upgrade to the equivalent DoH service **from the same > provider**. If the DNS provider

Re: This DNS over HTTP thing

2019-10-01 Thread Damian Menscher via NANOG
On Tue, Oct 1, 2019 at 2:06 PM Jeroen Massar wrote: > On 2019-10-01 23:03, Damian Menscher wrote: > > On Tue, Oct 1, 2019 at 1:22 PM Jeroen Massar jer...@massar.ch>> wrote: > > > > On 2019-10-01 21:38, Damian Menscher wrote: > > > > > Could someone provide a reference of Google saying

Re: This DNS over HTTP thing

2019-10-01 Thread Jeroen Massar
On 2019-10-01 23:03, Damian Menscher wrote: > On Tue, Oct 1, 2019 at 1:22 PM Jeroen Massar > wrote: > > On 2019-10-01 21:38, Damian Menscher wrote: > > > Could someone provide a reference of Google saying they'll change the > default nameserver? Without that,

Re: This DNS over HTTP thing

2019-10-01 Thread Damian Menscher via NANOG
On Tue, Oct 1, 2019 at 1:22 PM Jeroen Massar wrote: > On 2019-10-01 21:38, Damian Menscher wrote: > > > Could someone provide a reference of Google saying they'll change the > default nameserver? Without that, I think all of Jeroen's arguments fall > apart? > > While I stated: > > >> Moving

Re: This DNS over HTTP thing

2019-10-01 Thread Warren Kumari
On Tue, Oct 1, 2019 at 3:42 PM K. Scott Helms wrote: > > They almost have to change the default since there are (comparatively) very > few DoH providers compared to DNS providers. From the link that Damian sent (emphasis mine): "More concretely, the experiment in Chrome 78 will **check if the

Re: This DNS over HTTP thing

2019-10-01 Thread Jeroen Massar
On 2019-10-01 21:38, Damian Menscher wrote: > Could someone provide a reference of Google saying they'll change the default > nameserver? Without that, I think all of Jeroen's arguments fall apart? While I stated: >> Moving only your DNS to Cloudflare or Google does not solve the security >>

Re: This DNS over HTTP thing

2019-10-01 Thread Jay R. Ashworth
- Original Message - > From: "Matt Corallo" > I’m not sure that google has announced any plans to, but Firefox has announced > plans to switch everyone to Cloudflare’s DNS. > > Hope none of y’all are running competing CDNs, cause they’re about to get > real > slow on Firefox. But

Re: This DNS over HTTP thing

2019-10-01 Thread John R. Levine
I assumed my point was obvious but evidently I overestimated my audience. While it is stupid to assert that the only reason to circumvent DNS filters is to look at child abuse material, it is equally stupid to assert that the only reason to filter is to lie, or to censor. There are plenty of

Re: This DNS over HTTP thing

2019-10-01 Thread K. Scott Helms
They almost have to change the default since there are (comparatively) very few DoH providers compared to DNS providers. On Tue, Oct 1, 2019, 2:40 PM Damian Menscher via NANOG wrote: > On Tue, Oct 1, 2019 at 12:24 PM Jay R. Ashworth wrote: > >> - Original Message - >> > From: "Stephane

Re: This DNS over HTTP thing

2019-10-01 Thread Damian Menscher via NANOG
On Tue, Oct 1, 2019 at 12:24 PM Jay R. Ashworth wrote: > - Original Message - > > From: "Stephane Bortzmeyer" > > To: "Jeroen Massar" > > >> While the 'connection to the recursor' is 'encrypted', the recursor > >> is still in clear text... one just moves who can see what you are > >>

Re: This DNS over HTTP thing

2019-10-01 Thread Michael Thomas
On 10/1/19 12:18 PM, Jay R. Ashworth wrote: - Original Message - From: "Stephane Bortzmeyer" On Mon, Sep 30, 2019 at 11:56:33PM -0400, Brandon Martin wrote a message of 10 lines which said: It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) will go back to using

Re: This DNS over HTTP thing

2019-10-01 Thread Jay R. Ashworth
- Original Message - > From: "Stephane Bortzmeyer" > To: "Jeroen Massar" >> While the 'connection to the recursor' is 'encrypted', the recursor >> is still in clear text... one just moves who can see what you are >> doing with this. > > As with any cryptographic protocol. Same thing

Re: This DNS over HTTP thing

2019-10-01 Thread Jay R. Ashworth
- Original Message - > From: "Stephane Bortzmeyer" > On Mon, Sep 30, 2019 at 11:56:33PM -0400, > Brandon Martin wrote > a message of 10 lines which said: > >> It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) >> will go back to using your local DNS server list as per

Re: This DNS over HTTP thing

2019-10-01 Thread Jay R. Ashworth
- Original Message - > From: "Matt Corallo" > It was mentioned in this (partially related) thread, with all the responses > being the predictable “lol these folks in Silicon Valley need to lay off the > drugs”. > > https://mailman.nanog.org/pipermail/nanog/2019-September/103059.html

Re: This DNS over HTTP thing

2019-10-01 Thread Aaron C. de Bruyn via NANOG
"For the children!" "Stop resisting!" "I was in fear for my life!" The age-old cries of the oppressor. The problem is that children are being kidnapped, trafficked, and abused. DNS blocking doesn't solve that. It's not a technical problem. Go to the source--the kidnappers, traffickers, and

Re: This DNS over HTTP thing

2019-10-01 Thread John Levine
In article <20191001074011.n4xjouqg6lhsv...@nic.fr> you write: >Note that the UK is probably the country in Europe with the biggest >use of lying DNS resolvers for censorship. No wonder that the people >who censor don't like anti-censorship techniques. Most UK ISPs use the Internet Watch

Re: This DNS over HTTP thing

2019-10-01 Thread Grimes, Greg
DNS over HTTPS. And yes, DNS over TLS would be better in my opinion. -- Greg Grimes Senior Network Analyst Information Technology Services Mississippi State University 662-325-9311(w) From: NANOG on behalf of Jay R. Ashworth Sent: Monday, September 30, 2019

Re: This DNS over HTTP thing

2019-10-01 Thread Tom Hill
On 01/10/2019 08:40, Stephane Bortzmeyer wrote: > Note that the UK is probably the country in Europe with the biggest > use of lying DNS resolvers for censorship. No wonder that the people > who censor don't like anti-censorship techniques. Do you have a (reputable) source to go with that claim?

Re: This DNS over HTTP thing

2019-10-01 Thread Matt Harris
On Tue, Oct 1, 2019 at 8:22 AM Stephane Bortzmeyer wrote: > On Tue, Oct 01, 2019 at 12:11:32PM +0200, > Jeroen Massar wrote > a message of 101 lines which said: > > > - Using a centralized/forced-upon DNS service (be that over DoT/DoH > > or even plain old Do53 > > Yes, but people using a

Re: This DNS over HTTP thing

2019-10-01 Thread Ca By
On Tue, Oct 1, 2019 at 6:23 AM Stephane Bortzmeyer wrote: > On Tue, Oct 01, 2019 at 12:11:32PM +0200, > Jeroen Massar wrote > a message of 101 lines which said: > > > - Using a centralized/forced-upon DNS service (be that over DoT/DoH > > or even plain old Do53 > > Yes, but people using a

Re: This DNS over HTTP thing

2019-10-01 Thread Jeroen Massar
On 2019-10-01 15:22, Stephane Bortzmeyer wrote: > On Tue, Oct 01, 2019 at 12:11:32PM +0200, > Jeroen Massar wrote > a message of 101 lines which said: > >> - Using a centralized/forced-upon DNS service (be that over DoT/DoH >> or even plain old Do53 > > Yes, but people using a public DNS

Re: This DNS over HTTP thing

2019-10-01 Thread Ca By
On Mon, Sep 30, 2019 at 7:27 PM Jay R. Ashworth wrote: > I've been embroiled in my first house-move in 28 years, and just got back > to the table. I don't see any threads here about whatever this > thing-which- > appears-to-me-to-be-a-monstrosity; has it been discussed here and I missed > it? >

Re: This DNS over HTTP thing

2019-10-01 Thread Jared Mauch
> On Oct 1, 2019, at 9:22 AM, Stephane Bortzmeyer wrote: > > On Tue, Oct 01, 2019 at 12:11:32PM +0200, > Jeroen Massar wrote > a message of 101 lines which said: > >> - Using a centralized/forced-upon DNS service (be that over DoT/DoH >> or even plain old Do53 > > Yes, but people using a

Re: This DNS over HTTP thing

2019-10-01 Thread Stephane Bortzmeyer
On Tue, Oct 01, 2019 at 12:11:32PM +0200, Jeroen Massar wrote a message of 101 lines which said: > - Using a centralized/forced-upon DNS service (be that over DoT/DoH > or even plain old Do53 Yes, but people using a public DNS resolver (of a big US corporation) over UDP is quite an old

Re: This DNS over HTTP thing

2019-10-01 Thread Jared Mauch
> On Oct 1, 2019, at 6:11 AM, Jeroen Massar wrote: > > TL;DR: > - Using DoT or DoH as a protocol is fine, though the recursor still > controls/views the DNS queries > - Using a centralized/forced-upon DNS service (be that over DoT/DoH or even > plain old Do53) does not improve security or

Re: This DNS over HTTP thing

2019-10-01 Thread Jeroen Massar
TL;DR: - Using DoT or DoH as a protocol is fine, though the recursor still controls/views the DNS queries - Using a centralized/forced-upon DNS service (be that over DoT/DoH or even plain old Do53) does not improve security or privacy... Getting that force fed by the monopolies

Re: This DNS over HTTP thing

2019-10-01 Thread Stephane Bortzmeyer
On Tue, Oct 01, 2019 at 10:35:31AM +0200, Jeroen Massar wrote a message of 29 lines which said: > Correct: for the DoH protocol it is not that goal, there it solely > is "encryption". But DoT already solves that. DoT is fine, (and my own public resolver activates it) but, as you know, it is

Re: This DNS over HTTP thing

2019-10-01 Thread Grzegorz Janoszka
On 01/10/2019 09:22, Brandon Butterworth wrote: Here are some UKNOF presentations on it - Also very interesting from NLNOG (but in English): https://www.youtube.com/watch?v=pjin3nv8jAo -- Grzegorz Janoszka

Re: This DNS over HTTP thing

2019-10-01 Thread Jeroen Massar
On 2019-10-01 10:08, Stephane Bortzmeyer wrote: > On Tue, Oct 01, 2019 at 09:55:54AM +0200, > Jeroen Massar wrote > a message of 26 lines which said: > >>> (Because this canary domain contradicts DoH's goals, by allowing >>> the very party you don't trust to remotely disable security.) >> >>

Re: This DNS over HTTP thing

2019-10-01 Thread Stephane Bortzmeyer
On Tue, Oct 01, 2019 at 09:55:54AM +0200, Jeroen Massar wrote a message of 26 lines which said: > > (Because this canary domain contradicts DoH's goals, by allowing > > the very party you don't trust to remotely disable security.) > > The goal is centralization of DNS Hmmm, no, read RFC

Re: This DNS over HTTP thing

2019-10-01 Thread Robert Kisteleki
> The bare about:config pref you want is "network.trr.mode". Short and > sweet of it, set to 5 (off by choice), and it should disable the > function entirely. 3 would be the opposite: always use it. Thank you, IMO this is by far the most useful piece of information on the subject! Robert

RE: This DNS over HTTP thing

2019-10-01 Thread Keith Medcalf
On Tuesday, 1 October, 2019 01:39, Stephane Bortzmeyer wrote: >On Mon, Sep 30, 2019 at 11:56:33PM -0400, Brandon Martin wrote >> It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) >> will go back to using your local DNS server list as per usual. > Unless, I hope, the user

Re: This DNS over HTTP thing

2019-10-01 Thread Jeroen Massar
On 2019-10-01 09:38, Stephane Bortzmeyer wrote: > On Mon, Sep 30, 2019 at 11:56:33PM -0400, > Brandon Martin wrote > a message of 10 lines which said: > >> It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) >> will go back to using your local DNS server list as per usual. > >

Re: This DNS over HTTP thing

2019-10-01 Thread Brandon Martin
On 10/1/19 3:38 AM, Stephane Bortzmeyer wrote: It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) will go back to using your local DNS server list as per usual. Unless, I hope, the user explicitly overrides this. (Because this canary domain contradicts DoH's goals, by allowing

Re: This DNS over HTTP thing

2019-10-01 Thread Stephane Bortzmeyer
On Tue, Oct 01, 2019 at 08:22:58AM +0100, Brandon Butterworth wrote a message of 37 lines which said: > Here are some UKNOF presentations on it - Note that the UK is probably the country in Europe with the biggest use of lying DNS resolvers for censorship. No wonder that the people who

Re: This DNS over HTTP thing

2019-10-01 Thread Stephane Bortzmeyer
On Mon, Sep 30, 2019 at 11:56:33PM -0400, Brandon Martin wrote a message of 10 lines which said: > It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) > will go back to using your local DNS server list as per usual. Unless, I hope, the user explicitly overrides this. (Because

Re: This DNS over HTTP thing

2019-10-01 Thread Stephane Bortzmeyer
On Mon, Sep 30, 2019 at 11:46:04PM -0400, Fred Baker wrote a message of 28 lines which said: > > Is there an official name for it I should be searching for? > > The IETF calls it "DoH", pronounced like > "Dough". https://datatracker.ietf.org/wg/doh/about/ And it is standardized in RFC 8484,

Re: This DNS over HTTP thing

2019-10-01 Thread Brandon Butterworth
On Mon Sep 30, 2019 at 10:38:31PM -0700, Matt Corallo wrote: > It was mentioned in this (partially related) thread, with all the responses > being the predictable “lol these folks in Silicon Valley need to lay off > the drugs”. > >

Re: This DNS over HTTP thing

2019-09-30 Thread Matt Corallo
It was mentioned in this (partially related) thread, with all the responses being the predictable “lol these folks in Silicon Valley need to lay off the drugs”. https://mailman.nanog.org/pipermail/nanog/2019-September/103059.html Matt > On Sep 30, 2019, at 19:25, Jay R. Ashworth wrote: > >

Re: This DNS over HTTP thing

2019-09-30 Thread Brandon Martin
On 9/30/19 10:25 PM, Jay R. Ashworth wrote: Is there an official name for it I should be searching for? Aside from "DoH" (smacks Homer's head), you might find searching for the Mozilla (et. al.) "canary domain" useful. It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) will

Re: This DNS over HTTP thing

2019-09-30 Thread Fred Baker
On Sep 30, 2019, at 10:25 PM, Jay R. Ashworth wrote: > Is there an official name for it I should be searching for? The IETF calls it "DoH", pronounced like "Dough". https://datatracker.ietf.org/wg/doh/about/ There are a number of such services from Google, Amazon, and others. Firefox and