[afnog] Trusted Recursive Resolver (DoH)

Iyedi Goma iyedigoma at gmail.com
Tue Apr 2 08:21:56 UTC 2019


Hello S. Moonesamy,

I am very glad to read your email, in which I have a specific interest.
Maybe the issue I will raise will not be a technical one, but from my point
of view this could be my part of the analysis, as you say in your email: "It
is usually assumed that people in the region adopt technology
without analyzing it". In this circumstance I share your opinion.

Going through RFC 8484, I notice these main changes will be applied to
resolution:

1- The device-to-resolver connection is encrypted and all the DNS traffic
is hidden in web traffic.

 ***** In this specific case the question could be whether it is good or
bad. In the situation where you don't trust your ISP, yes, using remote
resolution could be good.

 ***** In the case where your local ISP does some good things for you, like
protecting you from some botnets or giving you services like parental
control (all those services are DNS based), this could be a bad point,
because you will no longer get those services.

***** I'm not against encryption; it is very good for all of us.

2- DNS is an application-level service, no longer in the network layer.
  *** The question may be whether this is good or bad. One of the major
arguments of those who promote DoH, like Mozilla: they strongly think that
the application provider is smarter than the user and is honest, but we can
raise the point where the application is smarter than the user and is
dishonest...
It will be bad if the remote DoH server provided by the application maker
fails, if the application maker's interests and the user's interests are
in conflict or opposite.

3- If DoH is the default, this will mean each application maker can hardwire
their own remote resolver.

**** This will concentrate more power in browser makers like Apple,
Mozilla, Google, Microsoft. They will have 90% of market control, 90% of
the world's web traffic and resolution, and they are all in the same country
and jurisdiction. You can easily imagine how the new world will become?
Even in terms of privacy, all our DNS data will be subject to the US privacy
law enforcement and neutrality rules, without forgetting data monetization,
even the freedom from censorship.

My last point is about performance and the cost.
I'm not an expert on measurement, but people need to think about the impact
of this: pushing DNS traffic via HTTP will raise traffic on the network. It
may seem like nothing from some perspectives, but when you have thousands of
users sending queries by HTTPS the volume of ISP traffic will increase.
We know that 70% of Internet users in Africa use mobile (GSM) with a
payment model based on volume used: the more data you use, the more you
pay. I don't have any statistics on this, but surely this will cost
something.

All this debate is about having appropriate policies, and then the
question is whether you trust your ISP, whether you trust your regulator's
policies?

We are at the point of a dilemma on who should choose our resolvers: the
user, the ISP, the browser? And who should be entitled to apply those
policies: the government, the resolver??....



There is so much to say.

I have had the ietf_africa because we are having the same discussion on DoH.

Best regards
Serge parfait Goma
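
Added example, not part of the original message: Python code that encodes one DNS query the way RFC 8484 describes and compares its size as a plain UDP payload with the same query carried as a DoH GET or POST request, which is the volume question raised above. The host `doh.example.net` is a placeholder, and headers are counted uncompressed in HTTP/1.1 form; HTTP/2 header compression and TLS record and handshake bytes are not modelled.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS query in wire format (RFC 1035). The ID is 0, which RFC 8484
    recommends so identical queries give identical, cacheable requests."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1-63 bytes")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_path(wire: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET form: base64url of the wire message, padding removed."""
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"

def http_request_bytes(method: str, target: str, host: str,
                       body: bytes = b"") -> bytes:
    """Serialize the request HTTP/1.1-style to count uncompressed bytes."""
    lines = [f"{method} {target} HTTP/1.1", f"host: {host}",
             "accept: application/dns-message"]
    if body:
        lines += ["content-type: application/dns-message",
                  f"content-length: {len(body)}"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body

def compare(name: str, host: str = "doh.example.net") -> dict:
    # host is a constructed placeholder, not a real resolver
    wire = build_query(name)
    return {
        "udp_payload": len(wire),
        "doh_get": len(http_request_bytes("GET", doh_get_path(wire), host)),
        "doh_post": len(http_request_bytes("POST", "/dns-query", host, wire)),
    }

if __name__ == "__main__":
    for label, size in compare("www.example.com").items():
        print(f"{label:12s} {size:4d} bytes")
```

The figures are application-layer bytes for a single query only; on a reused HTTP/2 connection the per-query header cost is lower than the uncompressed count shown here.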