Reply to post: Re: Workstation, Server, and Router Options

In the two years since Dyn went dark, what have we learned? Not much, it appears

fronty

Re: Workstation, Server, and Router Options

They already are, Firefox has added it's own resolver so they can support DoH (DNS over HTTPS), Chrome also has it's own resolver (albeit it uses the DNS servers set by the O/S) apparently with support for DoH (but not enabled yet) - it's only a matter of time before they enable it and start sending all queries to 8.8.8.8.

DoH is an absolute minefield, because now the browsers are controlling where your DNS traffic goes. Firefox has decided to use Cloudflare by default, you can change it but then you'll have to start managing browser configs. This is the thin end of a very fat wedge, imagine if every application decided to send DNS queries to it's own "preferred" DNS service? How do you manage all this? And DoH queries can be embedded "inside" normal HTML, so how do you block it?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019