By Carsten Strotmann on 13 Aug 2019
Category: Tech matters
DNS-over-HTTPS (DoH, RFC 8484) and its older brother, DNS-over-TLS (DoT, RFC 7858), were created in the IETF to counter surveillance and censorship via Domain Name System (DNS) queries from users.
Based on initial tests that Mozilla, working with Cloudflare, ran with the Firefox browser, privacy-sensitive users fear that browsing metadata is collected and aggregated at large DoT resolvers. On the other hand, Internet Service Providers (ISPs) and administrators fear the loss of control over name resolution.
One argument I’ve got from ISPs is that users don’t want encrypted DNS, and that browser vendors push out a technology that nobody, except them, wants. If this were the case, there wouldn’t be any DoT/DoH implementations out there, would there?