I would not hold my breath. RMerlin has often opined that he dislikes DoH because it masks DNS behind normal HTTPS traffic, making network management more difficult. I'm not expecting him to encourage its adoption in any way.
Besides, he would easily argue that he has implemented DoT, which provides adequate DNS "protection & security" to the end user. If users want true privacy, use Unbound.
Why does it seem the whole world (Google, Microsoft, Apple, Firefox, etc.) is going DoH vs. DoT?
Well, from a privacy standpoint, there is no real privacy since you are still sharing your information with whatever server you are using. In this respect, someone knows something. DoH vs. DoT is not really an issue in my opinion. One offers DNS security with a false hope of DNS traffic being hidden, while the other offers the same level of security with no false hope of DNS traffic being hidden, since it is managed using an exclusive port.
By the way, you can use way more DoH servers by using the proxy DNSCRYPT-Proxy 2, with which users can choose to take advantage of the dnscrypt or DoH protocols, or both.
So NextDNS is the only way for now? I would have thought RMerlin would want to support user choice. Thanks for the reply!
Ask the Stubby developers to implement DoH then.
All existing DoH solutions at this time are massive bloatware.
I imagine when they implement DoH it will be inclusive of reading whatever DoH address is required to reach whatever server you use.
Looks like DoH is coming to Stubby (and Merlin) then?
A future release of Stubby is expected to support the following:
- DNS-over-HTTPS (DOH)
- Configuration of servers using authentication name only
Does that include NextDNS?
I don't think it's a "false hope of being hidden". DoH is TCP traffic and just looks like all other HTTPS traffic, so it can't be blocked by port like DoT, making it easier to implement and troubleshoot... you never have to wonder if your HTTPS is being blocked, right?
Just because HTTPS cannot be blocked doesn't mean there isn't imminent risk or danger lurking hidden inside all that HTTPS traffic waiting for your traffic.
Did someone suggest that?
What I mean is, DoT encrypts your traffic exclusively inside a tunnel, downright encrypting the DNS traffic itself, while DoH only tries to mask your traffic inside HTTPS traffic where other risk or vulnerabilities may lie waiting.
But "other risk or vulnerabilities may lie waiting" whether or not you're using DoH.
The argument is the risk for that is greater while you are using DoH since your DNS traffic is not exclusively encrypted. While the risk for using DoT is that your port may get blocked.
There are DoT resolvers that operate on port 443.
And that traffic would be exclusively encrypted.