[afnog] Trusted Recursive Resolver (was: Can Root DNS server modify the response?)

S. Moonesamy sm+af at afrinic.net
Wed Mar 27 04:16:49 UTC 2019


Dear Frank,
At 11:21 AM 26-03-2019, Frank Habicht wrote:
>So if Mozilla still intend to change default behaviour without informing
>every user, despite better local alternatives (with a party you can hold
>accountable, and question about further information use) then ...
>[to make it clear: I don't consider that an improvement]

One of the problems which the DNS Queries over HTTPS technology 
attempts to solve is, for example, interference with DNS queries 
[1].  The technology does not support verification of the DNS response.

It is usually assumed that people in the region adopt technology 
without analyzing it.  As you mentioned, the local alternatives could 
be better.  Mozilla described the technology as providing the user 
with a Trusted Recursive Resolver.

Regards,
S. Moonesamy

1. https://www.rfc-editor.org/rfc/rfc8484.txt  




More information about the afnog mailing list