[LINK] Secure DNS

David dlochrin at aussiebb.com.au
Thu Jan 16 17:54:07 AEDT 2020


Thanks Linkers for the interesting references.

Geoff Huston's blog is interesting, especially the suggestion (if I understand it correctly) that all DNS lookups in a web page might be done at its source and pushed with the content.  This would almost certainly reduce 'net traffic, and it would make the source responsible for address resolution except for the initial lookup.

But in other contexts DoH seems to me to be using HTTPS outside its design scope, and it collapses the old ISO 7-layer model.

On 14/01/2020 4:58 pm, Kim Holburn wrote:

> Interference in DNS by governments and monitoring by ISPs set this off.  In our country, I would expect that it is part of the metadata that ISPs are supposed to store for government departments and possibly even local councils to peruse.  ISPs can also sell this data.

Even with some form of secure & encrypted DNS from clients to trusted servers, ISPs could still see each web-page URL with the host name replaced by its resolved address.  So the security agencies could still monitor an agent of interest, but selling users' browsing history would probably involve too much work to be worthwhile.

David L.


