DNS over HTTPS

nusenu nusenu-lists at riseup.net
Thu Jul 26 17:50:00 UTC 2018


> One of the benefits of DoH over DoT seems that port 443 is utilized as
> opposed to port 853 and thus less likely to be blocked by firewalls.

since many DoT servers also run on 443 this should not be a reason for using
DoH instead of DoT

> 
> Some are voicing their concern that it would cede control over DNS
> matters to browser vendors if they were to implement their choice of TRR
> as Mozilla currently does with CF.
> And certainly it would require other public DNS resolvers to implement
> DoH if not to stay limited to the aforementioned.
> 
> What are the thoughts of the unbound team on the subject, any plans to
> implement DoH?

there is a ticket for DoH already, but I believe at this point 
implementing the connection-reuse functionality for DoT
is more important than implementing DoH.

also note that from a user privacy perspective DoT is
preferred over DoH since it does not introduce all the
privacy problems of HTTP to DNS (like user-agent and other
headers that can be used to fingerprint the DoH client)

-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
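
The header point above, as an added example that is not part of the original message: the same DNS query framed for DoT (RFC 7858) and as a DoH GET request (RFC 8484), with a helper that lists the HTTP headers describing the client rather than the query. The host `doh.example`, the path `/dns-query` and the header values are constructed placeholders, and the request is rendered as HTTP/1.1 text for readability even though DoH normally runs over HTTP/2.

```python
import base64
import struct

# Constructed sample headers of the kind an HTTP client library or browser adds by default.
SAMPLE_CLIENT_HEADERS = {
    "User-Agent": "ExampleBrowser/1.0 (constructed)",
    "Accept-Language": "en-US",
}

def build_query(name, qtype=1, txid=0):
    """Minimal DNS query in wire format (RFC 1035): header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def dot_frame(msg):
    """DoT: the DNS message behind a 2-byte length prefix, sent inside TLS."""
    return struct.pack("!H", len(msg)) + msg

def doh_get_request(msg, host, path, client_headers):
    """DoH GET: the DNS message base64url-encoded (no padding) in ?dns=."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    lines = [f"GET {path}?dns={b64} HTTP/1.1",
             f"Host: {host}",
             "Accept: application/dns-message"]
    lines += [f"{k}: {v}" for k, v in client_headers.items()]
    return "\r\n".join(lines) + "\r\n\r\n"

def client_metadata(request, required=("host", "accept")):
    """Header names in the request beyond those needed to carry the query."""
    names = [line.split(":", 1)[0].lower()
             for line in request.split("\r\n")[1:] if ":" in line]
    return [n for n in names if n not in required]

if __name__ == "__main__":
    query = build_query("example.com")
    framed = dot_frame(query)
    request = doh_get_request(query, "doh.example", "/dns-query", SAMPLE_CLIENT_HEADERS)
    print("DoT bytes beyond the DNS message:", len(framed) - len(query))
    print("DoH headers describing the client:", client_metadata(request))
    print(request)
```
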
