
Improving DNS Privacy with Oblivious DoH in 1.1.1.1


Great. The kids will love this as it makes it almost impossible to force browsing restrictions.
As for me, I feel that DoH has some security flaws in the way it is implemented. Browser-based DoH still requires conventional DNS to get to the secure server and does not use DNSSEC. Better to stay with DoT.
 
Great. The kids will love this as it makes it almost impossible to force browsing restrictions.
As for me, I feel that DoH has some security flaws in the way it is implemented. Browser-based DoH still requires conventional DNS to get to the secure server and does not use DNSSEC. Better to stay with DoT.
Exactly, comfy with DoT.
 
Just what the world needed: ANOTHER "standard" for DNS queries.

How about the world focus on implementing what already exists instead of coming up with new methods of messing up with networks? Like, encouraging people to implement DNSSEC, which already exists, already resolves a lot of security-related issues, and yet has like less than 1% adoption?
 
Seems a lot like Anonymized DNSCrypt but with DoH..
A proxy in between instead of a relay server
 
Dan, you're preaching to the choir: pop over to the AsusMerlin forum where a bunch of us have been bypassing Google and Cloudflare for a while with unbound, which allows our routers to be an rDNS server, consulting the very same Authoritative servers that Google and Cloudflare do, but without the latency of a hop through the dataminers' servers. Further, it's able to be configured to do the Auth lookup using DoT, so we're pretty much self-contained. I believe unbound runs on OpenWrt as well, so check with those good people too. If we're savvy enough to do this, we're also savvy enough to run VPN servers that we control on our routers for our devices to tunnel into when away from our LAN so that we can enjoy similar Info- and OpSec as if we were sitting in our home office bastions.
 
Schneier on Security

Read the comments and observations, then ask yourself just who is this good for??? All they are doing is cutting out the ISP and probably gaining the data themselves.
 
Like, encouraging people to implement DNSSEC, which already exists, already resolves a lot of security-related issues, and yet has like less than 1% adoption?

yep...

DNS is a bit of a mess right now...
 
Just what the world needed: ANOTHER "standard" for DNS queries.

How about the world focus on implementing what already exists instead of coming up with new methods of messing up with networks? Like, encouraging people to implement DNSSEC, which already exists, already resolves a lot of security-related issues, and yet has like less than 1% adoption?
If I understand it correctly this new protocol requires DNSSEC, so it might encourage people to implement DNSSEC?
 
If I understand it correctly this new protocol requires DNSSEC, so it might encourage people to implement DNSSEC?

The thing is, DNSSEC has to be implemented first of all by domain owners. If they haven't done so yet (in large part due to the fact that it's not very straightforward to implement, varies between registrars, and isn't well known/documented either), this new protocol won't change anything.
 
"DNS is a bit of a mess right now"...

THAT^^^ Jon Postel is rolling in his grave - Who could blame him?...
 
Been reading about this - really excited to see the big names behind this!

Hope Merlin implements despite his personal biases.


Why on earth would you wish for something that is inherently INSECURE and will provide you with nothing worthwhile?

You need to read further on some of the security sites.
 
I can see why you might think that, but everything is a compromise. This has the backing to make a difference.
 
I can see why you might think that, but everything is a compromise. This has the backing to make a difference.

DoH has major flaws; adding a single proxy won't do anything to help you, they can be compromised. This service possibly stops your ISP from seeing your usage BUT like TOR can be viewed by multiple agencies.

Ask yourself who will now be handling your connection?

If you want privacy use a reliable paid VPN provider.
 
DoH has major flaws; adding a single proxy won't do anything to help you, they can be compromised. This service possibly stops your ISP from seeing your usage BUT like TOR can be viewed by multiple agencies.

Ask yourself who will now be handling your connection?

If you want privacy use a reliable paid VPN provider.
DoH improvements are being worked on, I think.
Like when there is some competition for DNS solutions (not the part with browsers adding DoH support).
I use Anonymized DNSCrypt. Looks like ODoH is trying something similar. I am interested in how this will be when the "flaws" of DoH have been handled.
 
'Reliable paid VPN provider'. The pink unicorn that little children on the internet dream about.

It doesn't exist, nor does it offer any form of privacy.

But marketing (and the fear they instill for these types of 'products') is strong...
 
