> On 25 Mar 2019, at 6:06 pm, Daniel Stenberg <dan...@haxx.se> wrote: > > On Sun, 24 Mar 2019, Vittorio Bertola wrote: > >> In today's "plain DNS" world, I choose a DNS resolver that provides that >> kind of filters for me, I set it up on my router, and my router pushes it to >> my smart TV via DHCP. What is the "existing configuration mechanism" that >> allows me to set this policy in the DoH world, i.e. if the TV came equipped >> with applications preconfigured to use their own remote resolver via DoH? > > We can easily turn this example the other way around. > > With Do53 in your TV, your kids can easily fool your TV with their own DHCP > responses or by intercepting and intefering with the DNS traffic while you're > at work. > > With DoH used in the TV, set to use a trusted server, they can’t.
Which won’t work if the network is filtering Do53 traffic to non approved servers or if the TV is manually configured with Do53 or DoT servers and the TV’s configuration is locked down. Yes, TV’s do have the ability to lock this part of the configuration down same as filters on program ratings can be enforced provided the data stream includes the rating information. The problem with DoH is that it makes filtering difficult. That is both a good and a bad thing depending on your perspective and responsibilities. It’s a pandora’s box. > -- > > / daniel.haxx.se > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop