[talk] DNS over TLS
Pat McEvoy
mcevoy.pat at gmail.com
Fri Sep 13 16:20:43 EDT 2019
> On Sep 13, 2019, at 01:27, Pat McEvoy <mcevoy.pat at gmail.com> wrote:
>
>
>
>> On Sep 12, 2019, at 19:00, George Rosamond <george at ceetonetechnology.com> wrote:
>>
>>
>>
>> Brian Reynolds:
>>> George Rosamond wrote:
>>>>
>>>> If you haven't heard, Firefox is enabling DOT by default.
>>>>
>>>> I wasn't at the Vixie talk at vBSDCon on Friday, but apparently it is
>>>> worth hearing. We need to get him to speak when he's in NYC.
>>>>
>>>> DOT means no more dns lookups over UDP to the locally configured
>>>> resolvers, but all straight to Cloudflare.
>>>
>>> It is my understanding that Paul Vixie was to talk about DNS over
>>> HTTPS.
>>
>> Ah, I was misinformed!
>>
>>>
>>> These both may have privacy and anonymity concerns, but I don't think
>>> that they have the same concerns.
>>
>> Agree.
>>
>>>
>>> A meeting about both of these methods, and how we got here (i.e., why
>>> not DNSSEC) would be a good one.
>>
>> Very much.
>>
>>>
>>>> This is the relevant js to change in any user.js config file to never
>>>> use DOT:
>>>>
>>>> https://wiki.mozilla.org/Trusted_Recursive_Resolver
>>>>
>>>> pref("network.trr.mode", 5);
>>>
>>> I think you can also change that in Firefox's about:config page. It
>>> looks like you can change the resolver name and URL also.
>>>
>>
>> Yes, I thought that was obvious, but should have stated.
>>
>> That line above is what goes into a user.js or however you insert
>> changes to about:config with new profiles.
>>
>> g
>>
>
> Early opening quote from Vixie talk:
> “The law of unintended consequences scales nicely to the size of the internet.”
>
> Seems to be getting truer every year.
> I hope MWL DNSSEC books get a nice spike in sales.
> P
Paul Vixie giving his talk again @ EuroBSDCon 9/21 @ 10:45am (GMT+2)
I hear there will be streaming WITH DVR so you can roll back in case of time zone differences.
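
An added example, not part of the original thread: a small Python check of which `network.trr.mode` a Firefox profile ends up with, given the text of its `prefs.js` and `user.js`. The mode meanings follow the Mozilla wiki page linked above; the function names and sample file contents are constructed for illustration.

```python
import re

# Meanings of network.trr.mode per the Trusted Recursive Resolver wiki page.
TRR_MODES = {
    0: "off (default)",
    1: "reserved",
    2: "TRR first, fall back to native resolver",
    3: "TRR only",
    4: "reserved",
    5: "off by choice",
}

# Anchored at line start, so lines commented out with // never match.
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"network\.trr\.mode"\s*,\s*(-?\d+)\s*\)\s*;',
    re.M,
)

def trr_mode(text):
    """Return the last network.trr.mode set in one prefs file, or None."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    values = PREF_RE.findall(text)
    return int(values[-1]) if values else None

def effective_mode(prefs_js, user_js):
    """user.js is applied over prefs.js at startup, so it wins when it sets the pref."""
    for text in (user_js, prefs_js):
        mode = trr_mode(text)
        if mode is not None:
            return mode
    return 0  # pref absent from both files: treat as mode 0

def audit(prefs_js, user_js):
    """Return (mode, meaning, uses_trr); uses_trr is True for modes 2 and 3."""
    mode = effective_mode(prefs_js, user_js)
    return mode, TRR_MODES.get(mode, "unknown"), mode in (2, 3)

# Constructed sample profile contents (not taken from a real profile).
SAMPLE_PREFS_JS = 'user_pref("network.trr.mode", 2);\n'
SAMPLE_USER_JS = (
    '// user_pref("network.trr.mode", 3);\n'
    'pref("network.trr.mode", 5);\n'
)

if __name__ == "__main__":
    print(audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```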