[afnog] Trusted Recursive Resolver (was: Can Root DNS server modify the response?)
S. Moonesamy
sm+af at afrinic.net
Wed Mar 27 04:16:49 UTC 2019
Dear Frank,
At 11:21 AM 26-03-2019, Frank Habicht wrote:
>So if Mozilla still intend to change default behaviour without informing
>every user, despite better local alternatives (with a party you can hold
>accountable, and question about further information use) then ...
>[to make it clear: I don't consider that an improvement]
One of the problems which the DNS Queries over HTTPS technology
attempts to solve is, for example, interference with DNS queries
[1]. The technology does not support verification of the DNS response.
It is usually assumed that people in the region adopt technology
without analyzing it. As you mentioned, the local alternatives could
be better. Mozilla described the technology as providing the user
with a Trusted Recursive Resolver.
Regards,
S. Moonesamy
1. https://www.rfc-editor.org/rfc/rfc8484.txt
More information about the afnog
mailing list