> On Mar 22, 2019, at 12:21 AM, Wes Hardaker <wjh...@hardakers.net> wrote:
>
> If DNS privacy is a goal, systems and applications SHOULD use DNS over
> TLS to encrypt traffic to their local resolver if possible (unless the
> system and application distrusts the local resolver infrastructure).

Maybe we should start by defining DNS Privacy. There are two issues: using an encrypted transport; and, using a DNS resolver trusted to respect the privacy of queries. Both are necessary. One without the other makes little sense.

Much of the debate is on the second point. One position is that users should be forced to trust the DNS resolver provided by the local infrastructure. Another position is that users have the right to apply their own policy and decide which server they will trust, based on some configuration.

-- Christian Huitema

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop