undefined | Better HN

0 pointsDaniloDias6y ago0 comments

If an iot device in your home network is exfiltraring data about you, it becomes much harder to identify with dns over https.

Dns over https creates more problems than it solves for 99% of end users.

0 comments

flarex6y ago

The argument that because encryption can be used for nefarious purposes it should not be offered by DNS providers at all does not add up. ISPs can block, redirect and sell DNS traffic and many are already doing some or all of these.

JohnFen6y ago

I don't think anybody is arguing that DNS lookups shouldn't be encrypted. The issue is doing DNS lookups via HTTPS.

DaniloDiasOP6y ago

I’m specifically arguing that dns lookups should not be encrypted. Dns can be descriptive: ntp.example.com sounds like an Ntp server. Oh- this pcap shows an ntp flow afterwards. Probably synchronizing time.

Oh- adnetwork.example.com. Probably serving up ads.

Oh Agrrvxdrgkndzzzvbbhydsxxjjj.net.org.com. Probably botnet related.

I need to look at every protocol flow and sort by IP?

Who in their right mind blindly trusts all computers like this? If you ever want to troubleshoot your network, your job becomes way more tedious if dns requests are encrypted.

j / k navigate · click thread line to collapse