Re: DOH (was: geolocation services disabled and Gnome maps)
On Tue, 14 Apr 2020 05:45:45 -0400
Lee <ler762@gmail.com> wrote:
> On 4/13/20, Celejar wrote:
> > On Mon, 13 Apr 2020 08:47:22 +0300
> > Reco <recoverym4n@enotuniq.net> wrote:
> >
> >> Hi.
> >>
> >> On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote:
> >
> > ...
> >
> >> > I just did a quick search and couldn't find anything for smart TVs
> >> > using DOH.
> >>
> >> Probably because they aren't there yet. A typical smart TV is based on
> >> Android, and Google haven't said their word about DOH so far.
> >
> > I suppose you mean DoH specifically, as opposed to DNS over TLS (DoT),
> > but just to clarify for the record, they have implemented the latter:
> >
> > https://blog.cloudflare.com/enable-private-dns-with-1-1-1-1-on-android-9-pie/
> > https://www.techrepublic.com/article/how-to-enable-dns-over-tls-in-android-pie/
> >
>
> Yes, DNS over HTTPS specifically is the concern. DNS over TLS uses a
> specific port (that they could change, yeah, I know) that I have
> blocked, so I'm not all that concerned about DoT.

Ah, I think I understand. But if you're really worried about bad guys:

> > 3) Bad guys and gals can hijack DNS too, to the usual hilarious results.
>
> And the bad guys and gals can use DOH to "hide" their traffic and
> circumvent things like pihole. I just did a quick search and couldn't
> find anything for smart TVs using DOH. Probably because my search
> skillz sux :(

why would they be limited by whatever the OS supports? Surely their
malware can easily include an internal DoH implementation, although I
suppose you'll at least be safer from malware that doesn't bother.

Celejar