Re: Securing DNS traffic

To: Jörn Clausen <joernc%googlemail.com@localhost>
Subject: Re: Securing DNS traffic
From: Sad Clouds <cryintothebluesky%gmail.com@localhost>
Date: Sun, 24 May 2020 22:22:56 +0100

On Sun, 24 May 2020 20:55:29 +0200
Jörn Clausen <joernc%googlemail.com@localhost> wrote:

> I simply don't get how this is a use case for DoT or DoH. Even if you
> disguise the DNS lookup, the next packet you send will be directed to
> the address you just looked up. Unless this happens to be a virtual
> hosting service, it is quite clear to your ISP what you are doing. I
> recommend this talk by Paul Vixie

There is always potential for surveillance. You may think you're safe
on a VPN, but if you didn't setup the endpoints yourself, on your own
hardware, how can you trust some VPN provider 100%? You can't.

I think the value of DoT is to stop DNS traffic hijacking and
redirection. Even if you configure /etc/resolv.conf to point to some
trusted DNS server, your ISP (or anyone else) can surreptitiously
redirect it to their own DNS server for various purposes (tracking,
filtering, serving ads, etc). Yes there are other ways to track people,
but the less info you leak in plain text the better.

Follow-Ups:
- Re: Securing DNS traffic
  - From: Jörn Clausen

References:
- Securing DNS traffic
  - From: Sad Clouds
- Re: Securing DNS traffic
  - From: Jeffrey Walton
- Re: Securing DNS traffic
  - From: Havard Eidnes
- Re: Securing DNS traffic
  - From: Aaron B.
- Re: Securing DNS traffic
  - From: Jörn Clausen

Prev by Date: Re: NetBSD Jails
Next by Date: Re: Securing DNS traffic
Previous by Thread: Re: Securing DNS traffic
Next by Thread: Re: Securing DNS traffic
Indexes:

Home | Main Index | Thread Index | Old Index