undefined | Better HN

0 pointsalwillis5y ago0 comments

Apple devices are not anywhere near ready to utilize this dns protocol.

The latest versions of macOS and iOS already support DoH and DoT; Apple could push an update tomorrow to enable ODoH tomorrow if they wanted to.

Encrypted dns might be already in use by government or military agencies, but they know too well the effects of cascading this tech down to the masses. They will never let this reach the public.

You do know we've had encrypted DNS for years, right? It has some issues, which this new protocol is designed to address. There's no reason to believe "they" can or will intervene to stop ODoH.

0 comments

freebuju5y ago

I don't think you understand how DNS works.

DoT and DoH should not be confused for encrypted DNS.

Encrypted dns is still a myth to most users. Major resolvers do not support it since it directly conflicts with with their data collection business.

All forms of Internet communications can be largely encrypted. Dns is the last frontier remaining. It remains so for good reason...

alwillisOP5y ago

I don't think you understand how DNS works. I don't think you're in a position to comment on what I do or don't know about DNS.

Encrypted dns is still a myth to most users. Major resolvers do not support it since it directly conflicts with with their data collection business.

Except those users using Firefox or Chrome, which come with DNS over HTTPS (DoH) preconfigured. Or those who've been running DoT on their home networks, which I setup quite a while ago now.

From the Wikipedia article on DoH, emphasis mine: "A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks[1] by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.

DNS over TLS (DoT) RFC: "This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626."

The lack of DNS encryption isn't what Apple and Cloudflare are addressing; it's that whoever runs the DNS resolver can still see the websites you're visiting and ODoH fixes that.

freebuju5y ago

Again you keep referring to DoT and DoH which I insist do not encrypt your dns queries from your ISP. They may offer added security but do not keep your requests private. ODoH attempts to keep your requests private from the resolver only. A benefit which is a good step but doesn't ultimately keep your dns private from your ISP.

This is the major flaw I find with such claims of encrypted dns. Your isp can still see which sites you visit, oDoH or not.

1 more reply

j / k navigate · click thread line to collapse

0 pointsalwillis5y ago0 comments

Apple devices are not anywhere near ready to utilize this dns protocol.

The latest versions of macOS and iOS already support DoH and DoT; Apple could push an update tomorrow to enable ODoH tomorrow if they wanted to.

Encrypted dns might be already in use by government or military agencies, but they know too well the effects of cascading this tech down to the masses. They will never let this reach the public.

You do know we've had encrypted DNS for years, right? It has some issues, which this new protocol is designed to address. There's no reason to believe "they" can or will intervene to stop ODoH.

0 comments

freebuju5y ago

I don't think you understand how DNS works.

DoT and DoH should not be confused for encrypted DNS.

Encrypted dns is still a myth to most users. Major resolvers do not support it since it directly conflicts with with their data collection business.

All forms of Internet communications can be largely encrypted. Dns is the last frontier remaining. It remains so for good reason...

alwillisOP5y ago

I don't think you understand how DNS works. I don't think you're in a position to comment on what I do or don't know about DNS.

Encrypted dns is still a myth to most users. Major resolvers do not support it since it directly conflicts with with their data collection business.

Except those users using Firefox or Chrome, which come with DNS over HTTPS (DoH) preconfigured. Or those who've been running DoT on their home networks, which I setup quite a while ago now.

The lack of DNS encryption isn't what Apple and Cloudflare are addressing; it's that whoever runs the DNS resolver can still see the websites you're visiting and ODoH fixes that.

freebuju5y ago

This is the major flaw I find with such claims of encrypted dns. Your isp can still see which sites you visit, oDoH or not.

1 more reply

j / k navigate · click thread line to collapse