I will be preventing DoH on my networks/nodes for those reasons, though DoH will likely find a receptive user/fan base (out of convenience and because it is promoted as the saviour of DNS privacy/security).

But that aside, not having contributed to the creation of the internet structure but having ended up as a user who is impacted by using its facilities, I am wondering more and more often whether certain parts need renovation or reinvention in some ways. I have only recently come to appreciate the importance, but also the vulnerability, of DNS. Supposing that during its inception the developers could not foresee all kinds of potential risks (malicious intent) and opted to keep things simple and liberal, it nonetheless astonishes me that it is even possible to run an SSH tunnel encapsulated in (obscured as) legitimate DNS traffic.

On 22.11.2018, Unbound-users wrote:

DoH, by offering malware an over-the-top path to DNS content which can be neither filtered nor controlled by a network operator, will have to be widely blocked by enterprise and SoHo networks. this will sometimes take the form of whitelisting, other times blacklisting, often HTTPS MiTM, wider deployment of SOCKS, and more restricted BYOD policies. so, that game is beginning, but the old game is still going. neither the attackers nor the defenders will ever say, "ok ok, you've changed the rules, i guess i'll give up and do things your way now."
--
P Vixie 
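As an added example (not part of this thread, and not Unbound's own code), here is the kind of heuristic a network operator can run over resolver query logs to spot the "SSH tunnel hidden in DNS" traffic mentioned above: long, high-entropy labels sent repeatedly by one client to one zone. The log lines, the `info: client qname qtype IN` layout modelled on Unbound's `log-queries` output, and the thresholds are all assumptions for illustration.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample of Unbound-style query log lines; not real traffic.
SAMPLE_LOG = """\
info: 192.0.2.10 www.example.com. A IN
info: 192.0.2.10 mail.example.com. A IN
info: 192.0.2.23 3a7f9c2e1b4d8e0f6a5c7b9d2e4f1a3c.t.tunnel.example.net. TXT IN
info: 192.0.2.23 9e1d4c7b2a5f8e3d6c0b9a4f7e2d1c8b.t.tunnel.example.net. TXT IN
info: 192.0.2.23 5c8b2e9f4a1d7c3e0b6a9f2d5e8c1b4a.t.tunnel.example.net. TXT IN
info: 192.0.2.10 cdn.example.org. AAAA IN
"""

# Assumed layout: "info: <client-ip> <qname>. <qtype> IN"
LINE_RE = re.compile(r"info: (\S+) (\S+)\. (\S+) IN")


def shannon_entropy(s):
    """Bits per character of the string; encoded payloads score high."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_query(qname):
    """Tunnelling-related features of one query name (no trailing dot)."""
    labels = qname.split(".")
    longest = max(labels, key=len)
    return {
        "label_count": len(labels),
        "longest_label": len(longest),
        "entropy": shannon_entropy(longest),
    }


def find_suspect_clients(log_text, min_label=24, min_entropy=3.5, min_hits=3):
    """Count queries per (client, zone, qtype) whose longest label is both long
    and high-entropy, and return the groups seen at least min_hits times.
    Thresholds are illustrative; tune them against your own baseline."""
    hits = defaultdict(int)
    for m in LINE_RE.finditer(log_text):
        client, qname, qtype = m.groups()
        f = score_query(qname)
        if f["longest_label"] >= min_label and f["entropy"] >= min_entropy:
            zone = ".".join(qname.split(".")[-2:])  # crude apex approximation
            hits[(client, zone, qtype)] += 1
    return {k: v for k, v in hits.items() if v >= min_hits}
```

Ordinary names such as `www.example.com` never trip the label-length test, so a handful of flagged groups per day is something an operator can actually review.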
