[PLUG] DNS over HTTPS

Russell Senior russell at personaltelco.net
Sun Dec 29 03:48:16 UTC 2019


I can see one way: often your DNS is going through a local resolver. The
off-site traffic is combined with other client devices before the ISP gets
a gander at it. The application making the choice of who to ask (often
without the user's real understanding about that choice) isn't an automatic
win.

For me personally, I'm a little concerned about not having a way of telling
local users that I know more about how to look up a particular domain
(which might resolve to a local address when you're on my network) than the
browser vendor. There is a mechanism for opting out which I haven't tried
yet. There isn't really a good mechanism for saying you trust your local
network administrator (who I generally trust) more than your ISP (who I
don't trust to not spy on me).

It's a sticky problem.

On Sat, Dec 28, 2019 at 7:37 PM Tomas Kuchta <tomas.kuchta.lists at gmail.com>
wrote:

> Could you explain the details why/how DNS over HTTPS would you "not
> recommend using it. It's just a way for data-mining
> companies to suck up more of your private life"?
>
> The way I understand it, it is meant to provide privacy from your ISP and
> traffic observation along the way to the DNS. It should not make anything
> else worse/better.
>
> Thanks,
> Tomas
>
> On Sun, Dec 29, 2019, 03:01 Tom <tgrom.automail at nuegia.net> wrote:
>
> > On Wed, 25 Dec 2019 20:14:00 -0800
> > "Mike C." <mconnors1 at gmail.com> wrote:
> >
> > > Has anyone dug into this much or is actually using it?
> > >
> > > It's experimental in Chrome but not currently available in the .deb
> > > version.
> > >
> > > Apparently, it has been a Firefox feature for a few years, but Chrome
> > > has been my browser of choice for many years now.
> > >
> > > OpenWrt supports DoH through DNSMasq and HTTPS-DNS-Proxy. Which is
> > > nice because then all your LAN / WLAN devices can use it after
> > > setting up once and makes troubleshooting any problems related to it
> > > much easier.
> > >
> > > I know a few years ago, DNSMasq was pretty standard on Ubuntu / Debian
> > > based distros. Which makes me think there's probably a HTTPS-DNS-Proxy
> > > package for most Linux distros.
> > > _______________________________________________
> > > PLUG mailing list
> > > PLUG at pdxlinux.org
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> > I would not recommend using it. It's just a way for data-mining
> > companies to suck up more of your private life. There's no security or
> > reliability to it over normal DNS. In fact, the security and
> > reliability is worse.
> >
> >


