This DNS over HTTP thing
- Subject: This DNS over HTTP thing
- From: jra at baylink.com (Jay Ashworth)
- Date: Thu, 03 Oct 2019 14:32:36 -0400
- In-reply-to: <CAOU0tYA9c3ggCGbE7Kkor7pZihnrtpkb2xbMWjOnX6_FTL59=A@mail.gmail.com>
- References: <[email protected]> <[email protected]> <CAOU0tYA9c3ggCGbE7Kkor7pZihnrtpkb2xbMWjOnX6_FTL59=A@mail.gmail.com>
You might recommend that to me if running DNS tunnelled through another protocol was a thing I wanted to do.
But it's not. I think it's horrible Internet engineering hygiene, and I don't just not want to do it myself, I don't think anybody else ought to do it either.
And I think that if end-users understood all of the concerns, they would agree with me on that - I get paid to know what end users would think.
On October 3, 2019 10:28:37 AM EDT, Curtis Maurand <cmaurand at gmail.com> wrote:
>Might I suggest using PowerDNS's dnsdist. It's an ha proxy that you can
>put in front of your recursors and it implements dns over https if you
>want it to. It's open source and ensures that you're not limited to
>Google's or Cloudflare's servers which exist to drive advertising at you
>(I've seen infected ads pwn machines). I have much more paranoid reasons
>for implementing, namely preventing 3rd parties from getting my histories.
>
>On Wed, Oct 2, 2019 at 5:28 PM Jay R. Ashworth <jra at baylink.com> wrote:
>
>> ----- Original Message -----
>> > From: "John Levine" <johnl at iecc.com>
>>
>> > In article <804699748.1254612.1570037049931.JavaMail.zimbra at baylink.com> you write:
>> >>Tools. Are. Neutral.
>> >>
>> >>Any solution to a problem that involves outlawing or breaking tools will.
>> >>Not. Solve. Your. Problem.
>> >
>> > I think in the outside world you'll find very little support for an argument
>> > that filtering DNS is fundamentally broken.
>> >
>> > Sure, you can do it in broken ways, but it's going to be really hard
>> > to persuade anyone that their lives are better if they have unfiltered
>> > access to the malware links in their spam.
>>
>> I expect I would.
>>
>> But this is not "filtering DNS". It's "making a bodge-handed attempt to
>> REPLACE DNS (well, proxy it) for only one application/layer".
>>
>> My problem isn't what they're using it for; it's that they've implemented
>> it so poorly.
>>
>> I live down here in the trenches, John, where "it doesn't work" is the calibre
>> of problem reports I get. When my tools say that "yes, it does", *I'm* the one
>> who takes it in the nads because Mozilla had a Better Fuckin' Idea.
>>
>> That it will likely cause lots of 50,000ft problems too is just a cherry on the
>> top.
>>
>> Cheers,
>> -- jra
>>
>> --
>> Jay R. Ashworth             Baylink                      jra at baylink.com
>> Designer                    The Things I Think           RFC 2100
>> Ashworth & Associates       http://www.bcp38.info        2000 Land Rover DII
>> St Petersburg FL USA        BCP38: Ask For It By Name!   +1 727 647 1274
>>
>
>
>--
>--Curtis
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.