On 4/13/20, tomas wrote:
> On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
> [...]
>> Mozilla claims it's a privacy issue:
>> https://support.mozilla.org/en-US/kb/firefox-dns-over-https
>>   Benefits
> Yes, sure [1], but *not in each and every friggin' application*.

I prefer apps that don't "phone home".

> It'd be OK for the local DNS caching resolver to forward its
> queries to some DOH responder "out there", *configurable by
> the local sys admin. Locally, you have the same possibilities
> (resolv.conf, nsswitch, hosts).

Agreed.  But how many home users have a local sys admin?  That knows
how to configure the local resolver?

OK .. on this list, probably most.  But *nix users are what percentage
of all users?

> [1] I know. Even with DNSSEC, your ISP can see it /is/ DNS
>    traffic,

dnssec just adds a cryptographic signature to the data -- everything
is still done "in the clear" (like Debian updates.  or has buster
switched to using https for downloading updates?)

> whereas they have given up (have they)? on sniffing  https.

not that I've heard.  There's something coming Real Soon Now that will
prevent ISPs from seeing the name of the server you're connecting to
but I don't remember what it's called right now :(

