Reply to post: exactly

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

john.jones.name
Mushroom

exactly

the problem is that end point (slab or phone or actual so called personal computer ) mostly have terrible resolvers which on a PC is most often down to Microsoft

So firefox decided to bypass the system (in the USA) and setup a TLS connection to cloudflare and send all the traffic to them (effectively over a SSL tunnel).

the BOFH who setup all those internal websites was none to pleased since support calls came in...

the BOFH who monitored for p0rn was none to pleased when everyone bypassed the controls...

solution from networking types was use a standard DoT which phones work with(modern android and MDM'd iPhones)... and respect the BOFH while still giving privacy if the BOFH allowed it... which they wont but then they will block DoH anyway via fancy DPI so that solves nothing either

my issue is that NONE of this infrastructure actually verified the answers they are getting.. how dumb is that ?

VERY

Microsoft realise that they have to do some engineering on their resolver I hope they realise verification is important...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020