[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DOH



On 12/04/2020 14:39, tomas@tuxteam.de wrote:
On Sun, Apr 12, 2020 at 07:33:51AM -0400, Gene Heskett wrote:

[...]

I don't either, but at some point in an https environment, it seems to me
that a dns lookup is going to have to be translated into a plain dns
lookup.
No, that's not how it works. When the browser wants to resolve a
name, it doesn't "do" DNS (when it's doing DOH, that is) but uses
some "web-service-ish" protocol over https to some server out there
(cloudflare, e.g.) which does the resolution and answers via https.

Thus bypassing whatever scheme the sysadmin has set up for DNS.

I don't have polite words for that.

Cheers
-- t

Security has a lot to answer for.

It's amazing how much is done in this day and age, in _all_ walks of life, in the name of so called security.

--
Michael Howard


Reply to: