[afnog] Trusted Recursive Resolver (DoH)

S. Moonesamy sm+af at afrinic.net
Tue Apr 2 16:21:40 UTC 2019


Dear Serge,
At 01:21 AM 02-04-2019, Iyedi Goma wrote:
>I'm very glad to read your email, in which I have a specific interest;

Thank you for the interest in the topic.  I'll comment inline.

>In this specific case the question could be if it is good or bad in
>the situation where you don't trust your ISP; yes, using remote
>resolution could be good

In my opinion, that is a good question.

>2- DNS is an application-level service, no more in the network layer.
>The question may be if it is good or bad. One of the major arguments
>of those who promoted DoH, like Mozilla: they strongly think that the
>application provider is smarter than the user, and is honest, but we
>can raise the point where the application is smarter than the user
>and is dishonest ...
>It will be bad if the remote DoH server provided by the application
>maker fails, if the application maker's interests and the user's
>interests are in conflict or opposite

I haven't had time to follow how Mozilla is promoting DoH in or 
outside the region.   As you mentioned, the interests of the 
application provider could be in conflict with the interests of the user.

>3- If DoH is the default, this will mean each application maker can
>hardwire their own remote resolver
>
>**** This will concentrate more power in browser makers like Apple,
>Mozilla, Google, Microsoft; they will have 90% of market control, 90%
>of the world's web traffic and resolution, and they are all in the
>same country and jurisdiction. You can easily imagine how the new
>world will become?

This is not directly related to the above.  There is an academic 
paper which mentioned that there was "a considerable degree of 
consolidation within the DNS space between November 2011 and May 2017".

>My last point is about performance and the cost.
>I'm not an expert on measurement, but people need to think about the
>impact of this: pushing DNS traffic via HTTP will raise traffic on
>the network. It may seem nothing according to some perspectives, but
>when you have thousands of users sending queries by HTTPS the volume
>of ISP traffic will increase.
>We know that 70% of Internet users in Africa use mobile (GSM) with
>the model of payment based on volume used; the more data you use,
>the more you pay. I don't have any statistics on this but surely
>this will cost something.

There are some statistics at 
https://www.itu.int/en/ITU-D/Statistics/Documents/statistics/2018/Mobile_cellular_2000-2017_Dec2018.xls

>All this debate is about having appropriate policies, and then
>the question is if you trust your ISP, if you trust your regulator's
>policies?

Yes.

>We are at the point of dilemma on who should choose our
>resolvers: the user, the ISP, the browser? And who should be
>entitled to apply those policies, the government, the resolver??....

There are various forums in which those matters are discussed.  Some 
of them are at the national level.

Regards,
S. Moonesamy 



