by zamadatix 2192 days ago
Applications can choose to ignore the system resolver regardless if it's over UDP or HTTPS. DoH/DoT is showing up in operating system resolvers just not as fast as apps like browsers were willing/able to add it. Standard DHCP options for defining DoH details are still missing though (I think, haven't checked in a while)
2 comments

> Applications can choose to ignore the system resolver regardless if it's over UDP or HTTPS.

They can, but up until Firefox legitimized this practice, they didn't, maybe except some malware.

> DoH/DoT is showing up in operating system resolvers just not as fast as apps like browsers were willing/able to add it.

The browsers were so fast that they skipped the discussion about the ramifications of this change with the rest of the community and just abused their position. One might even wonder why.

Does not make for good relations in future.

> Standard DHCP options for defining DoH details are still missing though

Yup. Here, browsers are not using their position to finish their push, so maybe the situation is acceptable for them.

On one hand you say browsers are to blame because they went too far too fast bypassing the OS DNS and on the other you say browsers are to blame because they didn't go far and fast enough bypassing the OS DHCP client.

Again are your arguments actually about DoH causing centralization or are you just talking about browsers causing positioning centralization irrespective of the technology?

> On one hand you say browsers are to blame because they went too far too fast bypassing the OS DNS

Yup, they shouldn't have done this.

> On one hand you say browsers are to blame because they went too far too fast bypassing the OS DNS

No. I'm saying that once they did what they did, they should have finished the job. They left it unfinished.

> Again are your arguments actually about DoH causing centralization or are you just talking about browsers causing positioning centralization irrespective of the technology?

My point is that the way DoH was implemented is causing centralization. DoH could be implemented without causing this effect.

I think what the parent is saying is that unencrypted DNS queries you can intercept, with DoH you couldn't do that anymore.