[afnog] Trusted Recursive Resolver (was: Can Root DNS server modify the response?)
Fernando Gont
fgont at si6networks.com
Tue May 28 23:50:11 UTC 2019
On 27/3/19 00:16, S. Moonesamy wrote:
> Dear Frank,
> At 11:21 AM 26-03-2019, Frank Habicht wrote:
>> So if Mozilla still intend to change default behaviour without informing
>> every user, despite better local alternatives (with a party you can hold
>> accountable, and question about further information use) then ...
>> [to make it clear: I don't consider that an improvement]
>
> One of the problems which the DNS Queries over HTTPS technology attempts
> to solve is, for example, interference with DNS queries [1]. The
> technology does not support verification of the DNS response.
>
> It is usually assumed that people in the region adopt technology without
> analyzing it. As you mentioned, the local alternatives could be
> better. Mozilla described the technology as providing the user with a
> Trusted Recursive Resolver.
"trusted recursive resolver" is in a way a funny term. Why should I
trust the party that provides it? Why is this TRR "potentially less
evil" than, say, my ISP?
Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the afnog
mailing list