undefined | Better HN

0 pointsbluejekyll7y ago0 comments

You are correct for the initial request. I've seen many arguing for taking this to another level of actually sending DNS requests over the same HTTPS session being used with a site the browser is currently connected to.

0 comments

jchw7y ago

Is this standardized/drafted? I am curious how one might implement this.

bluejekyllOP7y ago

See this thread with one of the authors of the RFC: https://news.ycombinator.com/item?id=16728600

patrickmcmanus7y ago

Everybody is right in this thread :)

First, just to avoid confusion, the post linked to this HN article is just about the classic recursive resolver model. That's the scope of what is being experimented with actively.

Second, the notion of resolverless dns (where dns records are obtained from somewhere other than your recursive resolver) is indeed something DoH contemplates but does not yet allow. That's because issues around tracking, correctness, and attacks haven't been fully explored. So unsolicited DNS is interesting but its not something any browser would accept yet.

There are some other opinions on how HTTPS matches the needs of DNS here: https://bitsup.blogspot.com/2018/05/the-benefits-of-https-fo...

1 more reply

j / k navigate · click thread line to collapse