----- Original Message ----- > From: "Stephane Bortzmeyer" <bortzme...@nic.fr>
> On Mon, Sep 30, 2019 at 11:56:33PM -0400, > Brandon Martin <lists.na...@monmotha.net> wrote > a message of 10 lines which said: > >> It's use-application-dns.net. NXDOMAIN it, and Mozilla (at least) >> will go back to using your local DNS server list as per usual. > > Unless, I hope, the user explicitely overrides this. (Because this > canary domain contradicts DoH's goals, by allowing the very party you > don't trust to remotely disable security.) Security? This is thought to be about security? Didn't we already *fix* DNS SECurity? No, I tend to buy the "Alphabet looking over your shoulder" argument a lot more than 'security', here, so far. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274