So I’m not understanding how DNS over HTTPS helps anything. You still need to trust your local resolver to get to your trusted resolver, and you still need to trust everything your trusted resolver talks to. I also don’t see how this can work with BGP-based anycast resolution for CDNs. And what about corporate intranets, too?

It feels like the solution causes more problems which are all solved by throwing more “trusted” configuration at it.


hacks.mozilla.org/2018/05/a-ca purports to explain DoH but really it does a good job of explaining the problem with port 53 DNS but then just does a gigantic handwave about DoH itself, and also “we’re happy to make cloudflare the default trusted resolver” like uhhhhhh.
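For readers who want the part the linked article hand-waves, here is an added example (not from this thread, the Mozilla post, or any DoH client) of what a DoH request actually is on the wire per RFC 8484: a plain RFC 1035 query message, base64url-encoded into a `?dns=` GET parameter, with the answer coming back as ordinary DNS wire format. It also makes the bootstrap point from the first post concrete: a resolver URL with a hostname needs one lookup through the OS-configured resolver before any DoH traffic can start. The resolver URL `https://doh.example.net/dns-query` and the response bytes are constructed for the example and are not captured traffic.

```python
import base64
import ipaddress
import struct
from urllib.parse import urlsplit

# Record type and class used below (RFC 1035).
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as length-prefixed DNS labels (RFC 1035 3.1)."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0) -> bytes:
    """Build a minimal DNS query. RFC 8484 4.1 says DoH clients SHOULD use a
    transaction ID of 0 so identical questions give identical HTTP requests
    (and so HTTP caches can serve them)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(resolver_url: str, query: bytes) -> str:
    """Wrap a wire-format query as a DoH GET (RFC 8484 section 6):
    base64url with the '=' padding removed, carried in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={encoded}"


def bootstrap_name(resolver_url: str):
    """Hostname the client must resolve *before* it can talk DoH to this
    resolver, or None when the URL already holds an IP literal. That first
    lookup necessarily goes to whatever resolver the OS is configured with."""
    host = urlsplit(resolver_url).hostname
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        return host


def read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_a_answers(msg: bytes):
    """Return [(owner, ttl, ipv4), ...] for the A records in the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question(s): name + QTYPE + QCLASS
        _, offset = read_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        owner, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN:
            answers.append((owner, ttl, str(ipaddress.IPv4Address(rdata))))
    return answers


# Constructed sample response (not captured traffic): one A record for
# example.com, with the owner name compressed as a pointer to offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)        # QR=1 RD=1 RA=1, 1 question, 1 answer
    + encode_name("example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    resolver = "https://doh.example.net/dns-query"  # placeholder resolver URL
    print(doh_get_url(resolver, build_query("example.com")))
    print("must first resolve via the OS resolver:", bootstrap_name(resolver))
    print(parse_a_answers(SAMPLE_RESPONSE))
```

The GET form is shown because it is the one the RFC discusses for HTTP cacheability; the POST form sends the same bytes as an `application/dns-message` body. Note what the encoding does and does not change: the question and answer are the same DNS message the resolver would see over port 53, so TLS hides it from the path between client and resolver, not from the resolver itself or from the resolver's upstream queries.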

@fluffy Pretty much, yes. Also there is no privacy once it hits the recursive server’s upstream wire.

@Kyreeth Yeah although when it gets upstream the source isn't (as) identifiable.

@fluffy Depends what’s cached and how many people are using the caching server, otherwise query generating recursion is possibly a bit more correlatable than you’d think.

@Kyreeth True. But the privacy concern that DoH supposedly handles is that of your ISP spying on you, not about the site's advertisers or whatever.
