Tuesday, September 4, 2018

On Firefox moving DNS to a third party

PowerDNS have written a blog post about the recent attempts by Mozilla and Cloudflare to move browser-related DNS resolution to a Cloudflare-provided service, citing privacy reasons.

It will be implemented using DNS over HTTPS (DoH), making DNS traffic opaque to operators of the user's network. In turn, however, this means that the DoH provider can attribute each DNS query down to a per-device level, thanks to long-running HTTP connections and TLS session resumption.

Mozilla's and Cloudflare's reasoning seems to be that users should trust their ISP (last mile) and ISP-provided DNS resolvers less than Cloudflare.

This line of thinking probably doesn't hold true for all regions in the world.


