[talk] DNS over TLS
Pat McEvoy
mcevoy.pat at gmail.com
Fri Sep 13 01:27:34 EDT 2019
> On Sep 12, 2019, at 19:00, George Rosamond <george at ceetonetechnology.com> wrote:
>
>
>
> Brian Reynolds:
>> George Rosamond wrote:
>>>
>>> If you haven't heard, Firefox is enabling DOT by default.
>>>
>>> I wasn't at the Vixie talk at vBSDCon on Friday, but apparently it is
>>> worth hearing. We need to get him to speak when he's in NYC.
>>>
>>> DOT means no more dns lookups over UDP to the locally configured
>>> resolvers, but all straight to Cloudflare.
>>
>> It is my understanding that Paul Vixie was to talk about DNS over
>> HTTPS.
>
> Ah, I was misinformed!
>
>>
>> These both may have privacy and anonymity concerns, but I don't think
>> that they have the same concerns.
>
> Agree.
>
>>
>> A meeting about both of these methods, and how we got here (i.e., why
>> not DNSSEC) would be a good one.
>
> Very much.
>
>>
>>> This is the relevant js to change in any user.js config file to never
>>> use DOT:
>>>
>>> https://wiki.mozilla.org/Trusted_Recursive_Resolver
>>>
>>> pref("network.trr.mode", 5);
>>
>> I think you can also change that in Firefox's about:config page. It
>> looks like you can change the resolver name and URL also.
>>
>
> Yes, I thought that was obvious, but should have stated.
>
> That line above is what goes into a user.js or however you insert
> changes to about:config with new profiles.
>
> g
>
Early opening quote from Vixie talk:
“The law of unintended consequences scales nicely to the size of the internet.”
Seems to be getting truer every year.
I hope MWL DNSSEC books get a nice spike in sales.
P
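
Added example, not part of the original message or of Firefox's code: a small Python check that reads the `network.trr.*` lines from a profile's prefs.js and user.js and reports whether the `network.trr.mode` value 5 quoted above is in effect. It reads only `user_pref(...)` lines (the form Firefox writes to prefs.js) and applies user.js on top of prefs.js; the sample file contents and the doh.example URL are constructed.

```python
import re

# network.trr.mode values as listed on the Mozilla wiki page linked in the thread.
TRR_MODES = {0: "off (default)", 1: "reserved", 2: "TRR first, native fallback",
             3: "TRR only", 4: "reserved", 5: "off by choice"}

# One user_pref("network.trr.<x>", <int|bool|"string">); per line.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(network\.trr\.[\w.-]+)"\s*,\s*'
    r'("[^"]*"|-?\d+|true|false)\s*\)\s*;')


def parse_trr_prefs(text):
    """Return {name: value} for network.trr.* prefs; a later line wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)  # lines starting with // never match
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


def audit_profile(prefs_js, user_js):
    """Merge prefs.js, then user.js on top, and classify the TRR setting."""
    merged = parse_trr_prefs(prefs_js)
    merged.update(parse_trr_prefs(user_js))
    mode = merged.get("network.trr.mode")
    if mode == 5:
        verdict = "opted out"
    elif mode in (2, 3):
        verdict = "enabled"
    else:
        verdict = "not opted out"
    return {"mode": mode, "meaning": TRR_MODES.get(mode, "not set or unknown"),
            "verdict": verdict, "uri": merged.get("network.trr.uri")}


# Constructed sample profile contents (not from the thread).
SAMPLE_PREFS_JS = ('user_pref("network.trr.mode", 2);\n'
                   'user_pref("network.trr.uri", "https://doh.example/dns-query");\n')
SAMPLE_USER_JS = '// pin the opt-out\nuser_pref("network.trr.mode", 5);\n'

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

Block comments (`/* ... */`) and prefs split across lines are not handled; run it against copies of the two files read from the profile directory.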