Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15698
| Path | csiph.com!aioe.org!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | "@lbutlr" <kremels@kreme.com> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: DoH plugin for BIND |
| Date | Fri, 1 May 2020 15:51:15 -0600 |
| Lines | 29 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.321.1588369873.942.bind-users@lists.isc.org> (permalink) |
| References | <85af55bb-1b23-b847-3de9-ffb198bc9fb9@web.de> <20200429074035.GA91269@isc.org> <d08a148f-18f6-1972-1064-2f878b79bee2@nixmagic.com> <alpine.DEB.2.20.2004292100400.16665@grey.csi.cam.ac.uk> <8670427D-C5E5-42E3-AFEB-BA15F74E5F53@kreme.com> |
| NNTP-Posting-Host | lists.isc.org |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | quoted-printable |
| X-Trace | usenet.stanford.edu 1588369886 16336 149.20.1.60 (1 May 2020 21:51:26 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users <bind-users@lists.isc.org> |
| Return-Path | <kremels@kreme.com> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| In-Reply-To | <alpine.DEB.2.20.2004292100400.16665@grey.csi.cam.ac.uk> |
| X-Mailer | Apple Mail (2.3608.80.23.2.2) |
| X-Spam-Status | No, score=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2 |
| X-Spam-Checker-Version | SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <8670427D-C5E5-42E3-AFEB-BA15F74E5F53@kreme.com> |
| X-Mailman-Original-References | <85af55bb-1b23-b847-3de9-ffb198bc9fb9@web.de> <20200429074035.GA91269@isc.org> <d08a148f-18f6-1972-1064-2f878b79bee2@nixmagic.com> <alpine.DEB.2.20.2004292100400.16665@grey.csi.cam.ac.uk> |
| Xref | csiph.com comp.protocols.dns.bind:15698 |
Show key headers only | View raw
On 29 Apr 2020, at 14:19, Tony Finch <dot@dotat.at> wrote: > DoT is easier since you only need a raw TLS reverse proxy, and there are > lots of those, for example, nginx: DOH is better because it cannot be blocked without blocking all https traffic. (FSVO of better, of course. I am sure there is a vi/emacs space/tab trek/wars religious canonical war here, but being able to guarantee access to secure DNS is definitely better for users). All that its need to subvert DoT is to block port 853. If DoT takes off, I expect all US ISPs to block port 853 universally. There’s nothing they can do about DoH. Not that it is all sunshine and rainbows in DoH-land, of course. Use of cookies is “discouraged” but not prevented, most obviously. -- 'You're your own worst enemy, Rincewind,' said the sword. Rincewind looked up at the grinning men. 'Bet?' --Colour of Magic
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: DoH plugin for BIND "@lbutlr" <kremels@kreme.com> - 2020-05-01 15:51 -0600
csiph-web