by subway 2946 days ago
Don't worry, the marketers will get to you soon enough.

Google has already wedged themselves in as the "gold standard" DNS provider. My gut says eventually Apple/Google/Amazon will start forcing blessed devices to use their own name services. For the good of the user, of course. Ahem.

3 comments

> Google has already wedged themselves in as the "gold standard" dns provider.

Run. Your. Own. Resolver [full stop]

I'm both amazed and devastated how even seasoned privacy hackers will just pop 8.8.8.8 into their respective resolv.confs. What are they thinking?

I know how people tell stories about how 8.8.8.8 (or 1.1.1.1) are so nice and fast (which simply sounds like they are mirroring the advertising for these services by the letter), but honestly, that doesn't matter: The first visit to any site is slow, and has been slow for years (downloading all those megabytes from a dozen origins simply takes its time); waiting another half-second to have your own resolver look after some unknown hostname – which will be cached, locally, much faster than anything 8.8.8.8 could do for you – really isn't worth spilling your entire browsing history onto Google's reception desk. Not for me, anyway.

I think that's unlikely, as there are too many internal services within corporate networks that will never show up in the global DNS. Google would rather people use Chrome at work.

That's okay if you run your own router. Point your device to that as default gateway, then the router can catch any DNS connections and do pi-hole style lookup mapping.

pfSense is one good example.

That's a hard game to win in the end. Odds are the new and improved name services you're required to use won't really look much like DNS today.

Initially they'll be implemented as DNS over HTTPS, with devices being shipped preconfigured to favor those HTTPS endpoints over name servers provided by the local network. From there the traditional DNS bits will eventually be removed in favor of whatever proprietary mechanisms are defined by Google/Amazon/Apple.

The only way to use Google/Amazon/Apple services will be by bootstrapping from a hardcoded list of bootstrap IPs in their product, secured by a similarly hardcoded CA certificate.