Re: DOH

To: debian-user@lists.debian.org
Subject: Re: DOH
From: Liam O'Toole <liam.p.otoole@gmail.com>
Date: Tue, 14 Apr 2020 22:26:09 +0100
Message-id: <[🔎] 20200414212609.GK8807@dipsy.tubbynet>
Mail-followup-to: Liam O'Toole <liam.p.otoole@gmail.com>, debian-user@lists.debian.org
In-reply-to: <[🔎] E1jOSOO-0003Sd-VU@enotuniq.net>
References: <[🔎] CAD8GWssYFCR-YHvucyzYXDuaNw+Skhyrb9OKmrBJz_Puk88DMg@mail.gmail.com> <[🔎] E1jNrwI-0006AF-RV@enotuniq.net> <[🔎] 20200413081602.bcvnm23ijdgybopv@cbuster.nuvreauspam> <[🔎] E1jNvqk-0006TT-Uu@enotuniq.net> <[🔎] 20200413111444.GA8807@dipsy.tubbynet> <[🔎] E1jNz0F-0006kL-IW@enotuniq.net> <[🔎] 20200413151617.GC8807@dipsy.tubbynet> <[🔎] 877dyj9z34.fsf@dhh.gt.org> <[🔎] CAJP1waPZq6prn1bf_vZ7xqOqwK+ow873AqdhTA9tvixmLNvoFw@mail.gmail.com> <[🔎] E1jOSOO-0003Sd-VU@enotuniq.net>

On Tue, 14 Apr, 2020 at 23:42:48 +0300, Reco wrote:

[...]

> > 2. Having completed a DNS lookup unbeknownst to the ISP, we still have
> > to make a connection to the resulting IP address through the ISP's
> > gateway. The ISP can perform a reverse DNS lookup of the IP address if
> > they are determined to snoop.
> 
> And that is why it's important to use DNS over TLS.
> Unless your ISP can magically decrypt TLS on the fly, the scenario
> you're describing is impossible. 

I think you misunderstand me. I'm talking about making a connection to
an IP address that you have already obtained by (encrypted) DNS. For
example, your personal bind instance tells you that www.debian.org
resolves to 130.89.148.77. Assuming you then connect to that IP address
through your ISP, there's nothing to stop them performing a reverse DNS
lookup on it.

Reply to:

Follow-Ups:
- Re: DOH
  - From: Celejar <celejar@gmail.com>
- Re: DOH
  - From: John Hasler <jhasler@newsguy.com>
- Re: DOH
  - From: Reco <recoverym4n@enotuniq.net>

References:
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Lee <ler762@gmail.com>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Liam O'Toole <liam.p.otoole@gmail.com>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Reco <recoverym4n@enotuniq.net>
- Re: DOH (was: geolocation services disabled and Gnome maps)
  - From: Liam O'Toole <liam.p.otoole@gmail.com>
- Re: DOH
  - From: John Hasler <jhasler@newsguy.com>
- Re: DOH
  - From: "Liam O'Toole" <liam.p.otoole@gmail.com>
- Re: DOH
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: HTML mail + PDF attachments
Next by Date: Re: DOH
Previous by thread: Re: DOH
Next by thread: Re: DOH
Index(es):
- Date
- Thread