[LINK] Secure DNS

David dlochrin at aussiebb.com.au
Tue Jan 14 09:58:02 AEDT 2020


Back on-topic, I don't know whether the following is of any interest or not.

Mozilla now have a form of secure DNS in Firefox which can be enabled from Preferences > General > Network Settings.  This works by encapsulating DNS queries in HTTPS ("DOH"), and it's intended to provide privacy by making it impossible for ISPs & others to monitor and sell their customers' browsing patterns.  There's a move to make it the Firefox default.

It has three modes: mode-2 uses DOH if possible, otherwise reverting to normal DNS, and mode-3 only uses DOH.

It obviously requires a DNS server which supports DOH.  The default is one by Cloudflare in San Francisco who are said to have an agreement with Mozilla which bans monitoring.  In mode-3 DOH also requires a "bootstrap" DNS server to look up Cloudflare.

However DOH only seems to work with the Cloudflare server, and in mode-3 it only works with a bootstrap server having the odd IP address 1.1.1.1.

Looking up 1.1.1.1 in the APNIC 'whois' reveals the subnet 1.1.1.0-255 is assigned to the "APNIC and Cloudflare DNS Resolver project"
Routed globally by AS13335/Cloudflare
Research prefix for APNIC Labs
6 Cordelia Street
Brisbane

Does anyone know anything about this?  There are many DOH servers around the world, for example <doh.securedns.eu> so DOH isn't new, and there's also DNS-over-TLS which seems more elegant.

Do the spooks have a hand in all this?

David L.
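
The encapsulation described in the post, as an added example that is not part of the original message: an ordinary wire-format DNS query packed into the GET form defined by RFC 8484. The resolver URL doh.example and all function names are placeholders chosen for this illustration.

```python
import base64
import struct

# Placeholder resolver URL (assumption, not a real service).
DOH_ENDPOINT = "https://doh.example/dns-query"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Build a one-question, class IN, wire-format DNS query (RFC 1035)."""
    # RFC 8484 recommends ID 0 so identical queries are HTTP-cache friendly.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def doh_get_url(query: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: ?dns=<base64url of the query, padding removed>."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def decode_doh_param(value: str) -> bytes:
    """Reverse of the 'dns' parameter encoding (restores the padding)."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def parse_question(message: bytes):
    """Return (name, qtype) of the first question in a wire-format message."""
    pos, labels = 12, []  # the fixed DNS header is 12 bytes
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", message[pos + 1:pos + 5])
    return ".".join(labels), qtype


if __name__ == "__main__":
    url = doh_get_url(build_query("www.example.com"))  # constructed sample name
    print(url)
    print(parse_question(decode_doh_param(url.split("dns=")[1])))
```

The whole URL, including the encoded name, travels inside the TLS session to the resolver, so an on-path observer sees a connection to the resolver's address rather than the name being looked up.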


