Re: DOH

To: John Hasler <jhasler@newsguy.com>
Subject: Re: DOH
From: "Liam O'Toole" <liam.p.otoole@gmail.com>
Date: Tue, 14 Apr 2020 18:25:24 +0100
Message-id: <[🔎] CAJP1waPZq6prn1bf_vZ7xqOqwK+ow873AqdhTA9tvixmLNvoFw@mail.gmail.com>
In-reply-to: <[🔎] 877dyj9z34.fsf@dhh.gt.org>
References: <[🔎] 20200412101045.GL7740@tuxteam.de> <[🔎] E1jNZjg-0001wc-LQ@enotuniq.net> <[🔎] 20200412103544.GM7740@tuxteam.de> <[🔎] E1jNaP5-0001xW-R0@enotuniq.net> <[🔎] CAD8GWssYFCR-YHvucyzYXDuaNw+Skhyrb9OKmrBJz_Puk88DMg@mail.gmail.com> <[🔎] E1jNrwI-0006AF-RV@enotuniq.net> <[🔎] 20200413081602.bcvnm23ijdgybopv@cbuster.nuvreauspam> <[🔎] E1jNvqk-0006TT-Uu@enotuniq.net> <[🔎] 20200413111444.GA8807@dipsy.tubbynet> <[🔎] E1jNz0F-0006kL-IW@enotuniq.net> <[🔎] 20200413151617.GC8807@dipsy.tubbynet> <[🔎] 877dyj9z34.fsf@dhh.gt.org>

On Mon, 13 Apr 2020 at 16:37, John Hasler <jhasler@newsguy.com> wrote:
>
> Liam writes:
> > I'm not familiar with bind. Does it work by consulting root name
> > servers directly?
>
> It starts with the root servers and builds a database in exactly the
> same way your ISP's DNS server does.  In fact, it is probably what your
> ISP uses.

I see.

I have two reservations about the approach advocated by Reco above.
Maybe I'm not seeing some part of the big picture.

1. The risk of DNS snooping is merely shifted from the ISP to the VPS provider.
2. Having completed a DNS lookup unbeknownst to the ISP, we still have
to make a connection to the resulting IP address through the ISP's
gateway. The ISP can perform a reverse DNS lookup of the IP address if
they are determined to snoop.

Of course, the above can be mitigated using tor or a VPN, but setting
up your personal bind instance doesn't achieve much on its own.

Reply to:

Follow-Ups:
- Re: DOH
  - From: Reco <recoverym4n@enotuniq.net>

References:
- Re: geolocation services disabled and Gnome maps
  - From: <tomas@tuxteam.de>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: <tomas@tuxteam.de>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Lee <ler762@gmail.com>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Liam O'Toole <liam.p.otoole@gmail.com>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Liam O'Toole <liam.p.otoole@gmail.com>
- Re: DOH
  - From: John Hasler <jhasler@newsguy.com>

Prev by Date: Re: Re: Re: Missing Audio Driver in Debian 10 Vmware
Next by Date: Re: HTML mail + PDF attachments
Previous by thread: Re: DOH
Next by thread: Re: DOH
Index(es):
- Date
- Thread