[talk] DNS over TLS

Brian Reynolds nycbug-talk at reynolds.users.panix.com
Thu Sep 12 18:19:18 EDT 2019

George Rosamond wrote:
> If you haven't heard, Firefox is enabling DOT by default.
> I wasn't at the Vixie talk at vBSDCon on Friday, but apparently it is
> worth hearing. We need to get him to speak when he's in NYC.
> DOT means no more dns lookups over UDP to the locally configured
> resolvers, but all straight to Cloudflare.

It is my understanding that Paul Vixie was to talk about DNS over

These both may have privacy and anonymity concerns, but I don't think
that they have the same concerns.

A meeting about both of these methods, and how we got here (i.e., why
not DNSSEC) would be a good one.

> This is the relevant js to change in any user.js config file to never
> use DOT:
> https://wiki.mozilla.org/Trusted_Recursive_Resolver
> pref("network.trr.mode", 5);

I think you can also change that in Firefox's about:config page.  It
looks like you can change the resolver name and URL also.

Brian Reynolds -- reynolds at panix.com
"Long ago, it was the way of my people to travel to the Moon.  My people
travelled to the Moon in a ship called 'Apollo.' I tell the story of Apollo
in the hope that some day, my people will again travel to the Moon." P. Alway

