undefined | Better HN

story

0 pointsignoramous6y ago0 comments

> e.g. I run DoH behind my home's dns cache server.

I think GP is referring to the fact that apps can now bypass network / os wide dns stub / recursive resolvers undetected with DoH.

> This is where HTTPS and eSNI further help.

I believe TLS v1.3 specifically has anti-censorship and anti-surveillance properties baked in: https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/

0 comments

They could have had their own resolver before, or even hard coded IPs.

Using software that doesn't respect you is the problem.

Firewalls can redirect port 53 to another IP. That prevents things from hard coding to a specific IP.

Euh, it prevents a custom resolver sure, but hard-coded IPs bypass the need for DNS completely.

j / k navigate · click thread line to collapse

They could have had their own resolver before, or even hard coded IPs.

Using software that doesn't respect you is the problem.

Firewalls can redirect port 53 to another IP. That prevents things from hard coding to a specific IP.

Euh, it prevents a custom resolver sure, but hard-coded IPs bypass the need for DNS completely.

j / k navigate · click thread line to collapse