undefined | Better HN

0 pointstremon13d ago0 comments

> Freedom of DNS choice has nothing to do with DoH

The attack vector that DoH offers is that data exfiltration companies will start shipping their own DNS resolver in javascript to work around DNS-based filtering. They can't do this with regular DNS because the network traffic can still be observed and blocked independently, but how will you block a browser from accessing specific https URLs without MITM'ing all traffic?

So yes, DoH does have something to do with DNS choice: it can completely subvert the OS-provided domain resolver service as well as the browser-configured one.

0 comments

1 comments · 1 top-level

SparkyMcUnicorn7d ago

Are you suggesting that Chrome is going to allow individual websites to override the browser DNS settings? And also skip bootstrapping?

I'm very confused by this comment.

j / k navigate · click thread line to collapse