Tinkering with DNS over HTTPS

belham2
Posts: 1715
Joined: Mon 15 Aug 2016, 22:47

#1 Post by belham2 »

Hi all,

Anyone (8Geee, Moat, etc) been fooling with this and/or running it? Some links (below) for those not familiar with this and/or why it is such a 'big deal'. I've tried the "3" setting in FF and then using Mother Nanny Google, but getting kicked to 'offline' happens still too frequently.

Worrisome part, to me, initially of using "DNS over HTTPS" is that only 4 are providing this. So.......much like the VPN debacles we've all seen over the years, this ultimately comes down to one thing---do we, as users, trust these current 4 'dns-over-https' providers that they will not log and keep all records of DNS queries/translations? If you understand how DNS queries are currently handled, you'll understand the appeal of it happening over https, but still, only 4 current providers? I mean, sheesh...... :?

https://en.wikipedia.org/wiki/DNS_over_HTTPS

https://developers.google.com/speed/pub ... over-https

https://www.securityweek.com/mozilla-br ... ox-nightly

https://blog.usejournal.com/getting-sta ... b5fc865a43

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

Who pays for maintaining a DNS translator?

s243a
Posts: 2580
Joined: Tue 02 Sep 2014, 04:48

#3 Post by s243a »

The biggest advantage I see is possibly a speed advantage because if you want security you can use dnscrypt.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#4 Post by Flash »

I strongly encourage everyone who's interested in DNS over HTTPS to read this very informative article: A cartoon intro to DNS over HTTPS.

8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#5 Post by 8Geee »

quoting from Flash's article at mozilla.org

"That means that your ISP can still figure out which sites you’re visiting, because it’s right there in the server name indication. Plus, the routers that pass that initial request from your browser to the web server can see that info too."

Unfortunately in the USA the ISP has the ability to intercept the message and use that info (the IP address) as a source of revenue (let's call it spam-mail sent out by their minions, some of whom are rather shady). I would remind all that this ISP usually sends you a monthly bill (CATV, Telco, etc.) that most likely will still increase over time.

In short, it reduces and concentrates the necessary evil of using the web for e-mail and the ISP still monetizes the end-user when shopping/paying bills.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#6 Post by rufwoof »

8.8.8.8 name server is about as common as using Google for searches. https'ing access/calls to that Google controlled name server doesn't avoid the likes of Google still using that for spyware purposes.
