by mholt 2939 days ago
Was just wondering... what value will DNS over HTTPS provide if/when we all move to IPv6 and presumably everything could potentially be identified by IP address directly? Will datacenters/ISPs be incentivized to do NAT with IPv6 or have some other way of introducing indirection into the routing?
3 comments

Note that for now, if you're sniffing packets, you can learn hostnames anyway due to TLS sending SNI in the clear. That may or may not change in the future...
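Added example (not part of the thread) illustrating the comment above: the server_name extension in a TLS ClientHello travels unencrypted, so anything that sees the first packet of a connection can read the hostname, which is also why network monitors such as IDS sensors log SNI. The ClientHello bytes are constructed here, not captured, and the byte layout follows RFC 5246/6066.

```python
# Constructed example: build a ClientHello carrying SNI, then parse the hostname back out.
import struct

def build_client_hello(hostname: str) -> bytes:
    """Return a TLS record holding a ClientHello whose only extension is
    server_name (RFC 6066). Constructed data, not a captured packet."""
    name = hostname.encode("ascii")
    server_name_list = struct.pack("!BH", 0, len(name)) + name          # name_type 0 = host_name
    sni_ext_body = struct.pack("!H", len(server_name_list)) + server_name_list
    extensions = struct.pack("!HH", 0x0000, len(sni_ext_body)) + sni_ext_body  # ext type 0 = SNI
    body = (
        b"\x03\x03"                                 # client_version TLS 1.2
        + bytes(32)                                 # random (zeroed; constructed)
        + b"\x00"                                   # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2f"        # one cipher suite
        + b"\x01\x00"                               # compression methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record header

def extract_sni(record: bytes):
    """Parse one TLS record as a passive observer would; return the SNI host_name or None."""
    if len(record) < 5 or record[0] != 0x16:        # not a handshake record
        return None
    hs = record[5:]
    if not hs or hs[0] != 0x01:                     # not a ClientHello
        return None
    pos = 4 + 2 + 32                                # handshake header, version, random
    pos += 1 + hs[pos]                              # session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + hs[pos]                              # compression_methods
    if pos + 2 > len(hs):
        return None                                 # no extensions block at all
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos, end = pos + 2, pos + 2 + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        if etype == 0x0000:                         # server_name extension
            list_len = struct.unpack("!H", hs[pos:pos + 2])[0]
            p, list_end = pos + 2, pos + 2 + list_len
            while p + 3 <= list_end:
                ntype, nlen = hs[p], struct.unpack("!H", hs[p + 1:p + 3])[0]
                if ntype == 0:                      # host_name entry, plain ASCII on the wire
                    return hs[p + 3:p + 3 + nlen].decode("ascii")
                p += 3 + nlen
        pos += elen
    return None
```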
Think about Cloudflare itself. Millions of websites hosted behind a handful of IP addresses.
So we go back to re-centralizing for privacy? I love Cloudflare, but... if that's really the answer to this... sigh.
Well, about 8M websites are already behind Cloudflare... if you add the top 50 hosting providers, that's probably 95% of the internet. Traffic is already relatively centralized.
Have fun remembering every IP by heart.
No, I mean that simply by observing the IP address of packets, you can know which hosts are being requested, since there are enough IP addresses to go around.
That's a reason to get rid of the TLS SNI extension and the HTTP Host header, but it's entirely unrelated to how DNS messages are transmitted.