On Sun, Apr 12, 2020 at 07:46:38PM -0400, Lee wrote: [...] > Mozilla claims it's a privacy issue: > https://support.mozilla.org/en-US/kb/firefox-dns-over-https > Benefits Yes, sure [1], but *not in each and every friggin' application*. It'd be OK for the local DNS caching resolver to forward its queries to some DOH responder "out there", *configurable by the local sys admin. Locally, you have the same posibilities (resolv.conf, nsswitch, hosts). But letting an app bypass that, to some Mozilla-blessed DOH service is *not nice*. Just imagine your solitaire game had its very own way of doing name resolving. Cheers [1] I know. Even with DNSSEC, your ISP can see it /is/ DNS traffic, whereas they have given up (have they)? on sniffing https. -- tomás
Attachment:
signature.asc
Description: Digital signature