How to use Bind response policy zone to stop Firefox from using DNS over HTTPS
amb-sendok-1570716238.hibbijikdiaocpfokmdl at bradfords.org
Tue Sep 10 08:03:58 MDT 2019
Thus said Joel Finlinson on Mon, 09 Sep 2019 22:34:07 -0600:
> Looks like Google wants in on the game with Chrome too.
I noticed that in the Firefox wiki  it mentioned dns.google.com as an
alternative, so I blocked that as well.
> *Motivation* Most DNS resolution today occurs over an unencrypted
> channel. This is bad for privacy and for security reasons.
While I understand their motivation, I disagree that DNS problems should
be solved in the application which seems a bit short-sighted and only
solves it for that one application. DNS is just one part of the
problem--the larger part is cryptography and making sure that PKI
infrastructure is solid---then it doesn't matter if someone hijacks DNS
(unless the user is in the habit of just clicking through security
One of these days I'll get around to setting up a DNSCurve resolver...
TAI64 timestamp: 400000005d77ad73
More information about the PLUG