Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15701 > unrolled thread

Re: DoH plugin for BIND

Started byMichael De Roover <isc@nixmagic.com>
First post2020-05-02 09:35 +0200
Last post2020-05-02 09:35 +0200
Articles 1 — 1 participant

Back to article view | Back to comp.protocols.dns.bind

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Re: DoH plugin for BIND Michael De Roover <isc@nixmagic.com> - 2020-05-02 09:35 +0200

#15701 — Re: DoH plugin for BIND

FromMichael De Roover <isc@nixmagic.com>
Date2020-05-02 09:35 +0200
SubjectRe: DoH plugin for BIND
Message-ID<mailman.324.1588404919.942.bind-users@lists.isc.org>
I don't live in the US myself, but from what I've heard it's actually 
among the least censored countries out there at the DNS level. Again, I 
don't consider it right to block content, at least if said content 
doesn't break local laws. If anything I'd like to actually retain my 
ability to bypass DNS blocks by simply changing my DNS server to a more 
favorable one. With DoH that would likely become much harder. Not to 
mention that HTTPS isn't the holy grail for bypassing that either. The 
Facebooks and Googles out there use HSTS to mitigate TLS stripping but 
that requires a list to be hardcoded in every web browser that supports 
it. It doesn't scale up at all. At that point we might as well go back 
to hosts files.

On 5/2/20 9:28 AM, Reindl Harald wrote:
> Am 02.05.20 um 09:00 schrieb Michael De Roover:
>> That's actually my biggest concern with DoH, ISP blocking. It doesn't
>> seem as obvious as it is with DoT, but deep packet inspection (DPI) is
>> already a thing. Don't expect an ISP that wants to block DoT to not
>> (want to) block DoH either. The crux of the problem at that point is not
>> the technology, it is the ISP's incentives. If the ISP wants to block
>> DoT for whatever reason, personally I'd consider it.. not exactly fine
>> but at least their right to do so. That's their decision to make.
> seriously?
>
> that seems to be some US attitude, no wonder what happens there with
> user attitudes like "but at least their right to do so"
>
> the ISP by definition has exactly one right: get money for his service
> which is described as "route and transfer every package, don't look at
> it, don't mangle it, you have no business about the content of my traffic"
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Met vriendelijke groet / Best regards,
Michael De Roover

[toc] | [standalone]

Back to top | Article view | comp.protocols.dns.bind

csiph-web