DNS over HTTPS
nusenu-lists at riseup.net
Thu Jul 26 17:50:00 UTC 2018
> One of the benefits of DoH over DoT seems that port 443 is utilized as
> opposed to port 853 and thus less likely to to be blocked by firewalls.
since may DoT servers also run on 443 this should not be a reason for using
DoH instead of DoT
> Some are voicing their concern that it would cede control over DNS
> matters to browser vendors if they were to implement their choice of TRR
> as Mozilla currently does with CF.
> And certainly it would require other public DNS resolvers to implement
> DoH if not to stay limited to the aforementioned.
> What are the thoughts of the unbound team on the subject, any plans to
> implement DoH?
there is a ticket for DoH already, but I believe at this point
implementing the connection-reuse functionality for DoT
is more important than implementing DoH.
also note that from a user privacy perspective DoT is
preferred over DoH since it does not introduce all the
privacy problems of HTTP to DNS (like user-agent and other
headers that can be used to fingerprint the DoH client)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users