Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15698
| From | "@lbutlr" <kremels@kreme.com> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: DoH plugin for BIND |
| Date | 2020-05-01 15:51 -0600 |
| Message-ID | <mailman.321.1588369873.942.bind-users@lists.isc.org> (permalink) |
| References | <85af55bb-1b23-b847-3de9-ffb198bc9fb9@web.de> <20200429074035.GA91269@isc.org> <d08a148f-18f6-1972-1064-2f878b79bee2@nixmagic.com> <alpine.DEB.2.20.2004292100400.16665@grey.csi.cam.ac.uk> <8670427D-C5E5-42E3-AFEB-BA15F74E5F53@kreme.com> |
On 29 Apr 2020, at 14:19, Tony Finch <dot@dotat.at> wrote: > DoT is easier since you only need a raw TLS reverse proxy, and there are > lots of those, for example, nginx: DOH is better because it cannot be blocked without blocking all https traffic. (FSVO of better, of course. I am sure there is a vi/emacs space/tab trek/wars religious canonical war here, but being able to guarantee access to secure DNS is definitely better for users). All that its need to subvert DoT is to block port 853. If DoT takes off, I expect all US ISPs to block port 853 universally. There’s nothing they can do about DoH. Not that it is all sunshine and rainbows in DoH-land, of course. Use of cookies is “discouraged” but not prevented, most obviously. -- 'You're your own worst enemy, Rincewind,' said the sword. Rincewind looked up at the grinning men. 'Bet?' --Colour of Magic
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: DoH plugin for BIND "@lbutlr" <kremels@kreme.com> - 2020-05-01 15:51 -0600
csiph-web