[kwlug-disc] CCC talk about DNS(ystem)
Chris Irwin
chris at chrisirwin.ca
Thu Apr 9 02:15:17 EDT 2020
On Wed, Apr 08, 2020 at 08:45:09PM -0400, Jason Eckert wrote:
>I don't think there will ever be a "very secure" DNS service, and DoH and
>DoT are advancing poorly from many different angles.
>Some days I think we should all just go back to /etc/hosts like the
>Mennonites north of Waterloo.
Define "very secure"? DoT or DoH secure the transport, and DNSSEC to
verify the response.
If a domain isn't using DNSSEC, there is no way to verify the results.
You could check consensus using something like dnschecker.org, though.
--
Chris Irwin
email: chris at chrisirwin.ca
xmpp: chris at chrisirwin.ca
web: https://chrisirwin.ca
More information about the kwlug-disc
mailing list