On Oct 1, 2019, at 9:22 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

> On Tue, Oct 01, 2019 at 12:11:32PM +0200, Jeroen Massar <jeroen@massar.ch> wrote a message of 101 lines which said:
>
>> - Using a centralized/forced-upon DNS service (be that over DoT/DoH or even plain old Do53
>
> Yes, but people using a public DNS resolver (of a big US corporation) over UDP is quite an old thing and nobody complained. I really wonder why there was so little reaction against OpenDNS or Google Public DNS and suddenly a lot of outcry against DoH…

I get people not wanting to use 8.8.8.8 1.1.1.1 4.2.2.1 or even their local DNS resolver because various people have tried to treat it as a revenue stream at times. There needs to be more middle ground here than people have drawn with their battle lines.

>> Noting that many ISPs are deploying both DoT and DoH next to Do53.
>
> Fact-checking: could you name some? (I do not know even one.)
I’ve gone and enabled DoTLS on my server and (wow, the number is finally non-zero!) haven’t seen a lot of TLS adoption. I see a lot more IPv6 than TLS at my authority server.

num.edns=433691276
num.ednserr=96
num.udp=299934993
num.udp6=154946379
num.tcp=820001
num.tcp6=292693
num.tls=15
num.tls6=0
num.answer_wo_aa=1117887
num.rxerr=0
num.txerr=6
num.raxfr=49
num.truncated=1420526
num.dropped=86596

- Jared
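To turn counters like the ones Jared pasted into the IPv6-versus-TLS comparison he draws, here is an added Python example (not part of the thread); it assumes nsd-control style keys of the form num.<transport> for IPv4 and num.<transport>6 for IPv6, and treats every counter as a comparable event count.

```python
import re

# Constructed sample: the counters quoted in Jared's message, pasted on one line.
SAMPLE_STATS = (
    "num.edns=433691276 num.ednserr=96 num.udp=299934993 num.udp6=154946379 "
    "num.tcp=820001 num.tcp6=292693 num.tls=15 num.tls6=0 num.answer_wo_aa=1117887 "
    "num.rxerr=0 num.txerr=6 num.raxfr=49 num.truncated=1420526 num.dropped=86596"
)

TRANSPORTS = ("udp", "tcp", "tls")


def parse_stats(text):
    """Parse whitespace-separated key=value counters into a dict of ints."""
    return {k: int(v) for k, v in re.findall(r"([\w.]+)=(\d+)", text)}


def transport_breakdown(stats):
    """Sum counters per transport and per address family.

    Assumes num.<t> is the IPv4 counter and num.<t>6 the IPv6 counter for
    each transport; a missing key (e.g. no TLS listener) counts as zero.
    """
    by_transport = {}
    ipv6 = 0
    for t in TRANSPORTS:
        v4 = stats.get(f"num.{t}", 0)
        v6 = stats.get(f"num.{t}6", 0)
        by_transport[t] = v4 + v6
        ipv6 += v6
    total = sum(by_transport.values())
    # Guard against an empty or unrelated stats dump.
    share = (lambda n: n / total) if total else (lambda n: 0.0)
    return {
        "total": total,
        "by_transport": by_transport,
        "ipv6": ipv6,
        "ipv6_share": share(ipv6),
        "tls_share": share(by_transport["tls"]),
    }


if __name__ == "__main__":
    b = transport_breakdown(parse_stats(SAMPLE_STATS))
    print(f"IPv6: {b['ipv6_share']:.1%}  TLS: {b['tls_share']:.2e} of {b['total']} events")
```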