How to use Bind response policy zone to stop Firefox from using DNS over HTTPS

Andy Bradford amb-sendok-1570716238.hibbijikdiaocpfokmdl at bradfords.org
Tue Sep 10 08:03:58 MDT 2019


Thus said Joel Finlinson on Mon, 09 Sep 2019 22:34:07 -0600:

> Looks like Google wants in on the game with Chrome too.

I noticed that in the Firefox wiki [1] it mentioned dns.google.com as an
alternative, so I blocked that as well.

[1] https://wiki.mozilla.org/Trusted_Recursive_Resolver

> *Motivation* Most DNS resolution today occurs over an unencrypted
> channel. This is bad for privacy and for security reasons.

While I understand their motivation, I disagree that DNS problems should
be solved in the application, which seems a bit short-sighted and only
solves it for that one application. DNS is just one part of the
problem--the larger part is cryptography and making sure that PKI
infrastructure is solid--then it doesn't matter if someone hijacks DNS
(unless the user is in the habit of just clicking through security
warnings).

One of these days I'll get around to setting up a DNSCurve resolver...

Andy
-- 
TAI64 timestamp: 400000005d77ad73



