[afnog] Encrypted DNS for ISP customers

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Sep 10 18:38:01 UTC 2019


On Sun, Sep 08, 2019 at 08:50:33AM +0400,
 Loganaden Velvindron <loganaden at gmail.com> wrote 
 a message of 44 lines which said:

> In his summary, he makes a call for action to deploy encrypted DNS.
> 
> How many isps are planning to deploy dns over TLS for their customers ?

Frankly, I don't see the point. You use encrypted DNS because you
don't trust your access network. Therefore, you typically don't trust
its recursive resolver either (for instance because it is a lying
resolver, censoring SciHub or things like that). So, an encrypted DNS
resolver on the same network does not seem very useful to me. 



More information about the afnog mailing list