[talk] DNS over TLS
George Rosamond
george at ceetonetechnology.com
Thu Sep 12 19:00:00 EDT 2019
Brian Reynolds:
> George Rosamond wrote:
>>
>> If you haven't heard, Firefox is enabling DOT by default.
>>
>> I wasn't at the Vixie talk at vBSDCon on Friday, but apparently it is
>> worth hearing. We need to get him to speak when he's in NYC.
>>
>> DOT means no more DNS lookups over UDP to the locally configured
>> resolvers, but all straight to Cloudflare.
>
> It is my understanding that Paul Vixie was to talk about DNS over
> HTTPS.
Ah, I was misinformed!
>
> These both may have privacy and anonymity concerns, but I don't think
> that they have the same concerns.
Agree.
>
> A meeting about both of these methods, and how we got here (i.e., why
> not DNSSEC) would be a good one.
Very much.
>
>> This is the relevant js to change in any user.js config file to never
>> use DOT:
>>
>> https://wiki.mozilla.org/Trusted_Recursive_Resolver
>>
>> pref("network.trr.mode", 5);
>
> I think you can also change that in Firefox's about:config page. It
> looks like you can change the resolver name and URL also.
>
Yes, I thought that was obvious, but should have stated.
That line above is what goes into a user.js or however you insert
changes to about:config with new profiles.
g
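
An added example, not part of the original messages and not Mozilla's code: a small audit that reads the text of a profile's prefs.js and user.js and reports the effective `network.trr.mode`, separating "pinned off with 5" from "not set at all". The sample file contents and the resolver URL are constructed, and treating `pref(` and `user_pref(` lines alike is an assumption of this sketch.

```python
import re

# Matches pref("name", value); and user_pref("name", value); lines.
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

# network.trr.mode values as listed on the Mozilla wiki page linked in the thread.
TRR_MODES = {0: "off (default)", 1: "reserved", 2: "TRR first, native fallback",
             3: "TRR only", 4: "reserved", 5: "off by choice"}

def strip_comments(text):
    """Drop /* */ blocks and whole-line // or # comments (URLs in values survive)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"^[ \t]*(?://|#).*$", "", text, flags=re.M)

def effective_prefs(*sources):
    """Later sources and later lines win, the way user.js overrides prefs.js."""
    prefs = {}
    for text in sources:
        for name, raw in PREF_RE.findall(strip_comments(text)):
            prefs[name] = raw.strip('"')
    return prefs

def audit_trr(*sources):
    """Summarise the TRR settings found in the given preference file contents."""
    prefs = effective_prefs(*sources)
    raw = prefs.get("network.trr.mode")
    mode = int(raw) if raw is not None and raw.isdigit() else None
    meaning = ("not set (browser default applies)" if raw is None
               else TRR_MODES.get(mode, "unrecognised"))
    return {"mode": mode, "meaning": meaning,
            "uses_trr": mode in (2, 3),   # lookups go to the configured resolver
            "pinned_off": mode == 5,      # explicit opt-out, as in the thread
            "uri": prefs.get("network.trr.uri")}

# Constructed sample contents: prefs.js has TRR on, user.js pins it off.
PREFS_JS = '''
// Mozilla User Preferences
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example.invalid/dns-query");
'''
USER_JS = '''
// user_pref("network.trr.mode", 3);
user_pref("network.trr.mode", 5);
'''

if __name__ == "__main__":
    print(audit_trr(PREFS_JS, USER_JS))
```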