Surprising that tech people judge (DNS-over-HTTPS) from an Operator perspective and not from a User one.

Centralization: Users forced to use their ISP's provider. Unencrypted & censored.

: Users have the autonomy to pick an encrypted DNS provider.

@comzeradd my beef with #DoH is that applications effectively stop respecting system DNS resolver settings, so for the average user it's impossible to globally redirect all DNS; they now have to override it in every application that does DoH, which is worse for decentralization as no one will bother anymore.

@jeff system for average user it's hard to fix DNS leaks when they use proxy/Tor in apps. DoH is helpful in that case. I don't like system DNS at all. In-app DoH settings give more flexibility. I don't want the system access to the internet or DNS. Only for apps which actually require network access. @comzeradd

@fshadow @comzeradd that is all predicated on the assumption that the DoH provider is trustworthy, I don't trust Cloudflare.

@jeff @fshadow for most users their DNS is not even a system setting. It's an ISP router setting. How is that better?

I don't like Cloudflare either, but I can use another provider. Why would I trust my ISP better than a DoH provider?

@comzeradd @fshadow you can't trust either, you can only secure your DNS if all your applications respect the settings and you set it to something secure.

@jeff yes, but keep in mind that for many people their browser is their system. That's what they use almost exclusively.

What would you suggest to a simple user in order to secure their DNS? There is no easy way to prevent your ISP from logging your DNS queries.


@jeff I don't trust Cloudflare, as well as I don't trust my ISP. But with DoH, the provider will see my real IP, my proxy IP or the Tor exit node IP. And without DoH, the ISP will see my DNS requests and the DNS server will know my IP. @comzeradd

