[kwlug-disc] CCC talk about DNS(ystem)

Mikalai Birukou mb at 3nsoft.com
Fri Apr 10 10:22:45 EDT 2020


>> By the way, what do you use for trusted DNS in your home setup? How
>> do you get trusted and private DNS service if you trust nobody outside
>> of your immediate social group?
> I don't understand the value of DoH.  Or DoT for that matter.
>
> The distributed nature of DNS is its advantage.  DoH throws that away,
> without adding anything... even with DoH *and* HTTPS, your ISP
> still knows who you're talking to.

With Tor (!) it adds an advantage of privacy at the consumer end.
The consumer end point is where all malicious stuff happens.

After watching that CCC talk, I now distinguish between DNS as a system
for distributed and efficient passing of yellow-book-like records, and
particular consumer-facing DNS protocols. And I also think that the DNS
system is way more efficient and planet friendly than bitcoin-like networks.

> If I don't trust my ISP, there is VPN for that.  Otherwise, my ISP knows
> where all my traffic goes, how big it is, when it happened, and how
> often it happens.  And that is *with* DoH and HTTPS.

I see Tor as a VPN in which the VPN provider doesn't trust its own servers,
has no data about users, and as a result can't sell or misuse it. VPNs
that have no onion or mixnet design inside are targets for hacks and
letters with gag clauses.

> There must be some other reason people are pushing DoH so hard.

Here is a scenario. A computer system connects via Tor to a DoH point to
learn where the update servers are. Maybe it checks other DoH points to see
if there is a consensus. Then it connects via Tor to an update server.

In this setting the update server has to serve Bundestrojaner
( https://en.wikipedia.org/wiki/Bundestrojaner ) to everyone, or no one. :)
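
The consensus step of the scenario above, as an added example that is not part of the original message: it compares the A records returned by several DoH points and fails closed unless a strict majority agree. It assumes replies in the JSON DoH shape (application/dns-json); the resolver names, the updates.example name and the addresses are constructed, and fetching the replies through Tor is left out so the code runs offline.

```python
import json
from collections import Counter

TYPE_A = 1  # DNS RR type number for an IPv4 address record

def _resp(*addrs, status=0):
    """Build a constructed JSON DoH reply (application/dns-json shape)."""
    return json.dumps({"Status": status, "Answer": [
        {"name": "updates.example.", "type": TYPE_A, "TTL": 300, "data": a}
        for a in addrs]})

# Constructed sample replies; resolver names and addresses are made up.
SAMPLE = {
    "resolver-a.example": _resp("192.0.2.10", "192.0.2.11"),
    "resolver-b.example": _resp("192.0.2.11", "192.0.2.10"),  # same set, other order
    "resolver-c.example": _resp("203.0.113.66"),              # disagrees
    "resolver-d.example": _resp(status=2),                    # SERVFAIL
    "resolver-e.example": _resp("192.0.2.10", "192.0.2.11"),
}

def a_records(body):
    """Set of A-record addresses in one reply, or None if the reply is unusable."""
    try:
        msg = json.loads(body)
    except ValueError:
        return None
    if not isinstance(msg, dict) or msg.get("Status") != 0:
        return None
    answer = msg.get("Answer")
    if not isinstance(answer, list):
        return None
    addrs = frozenset(rr["data"] for rr in answer
                      if isinstance(rr, dict) and rr.get("type") == TYPE_A
                      and isinstance(rr.get("data"), str))
    return addrs or None

def consensus(replies, quorum):
    """Return (agreed address set or None, resolvers that did not agree)."""
    if quorum * 2 <= len(replies):
        raise ValueError("quorum must be a strict majority of the resolvers asked")
    answers = {name: a_records(body) for name, body in replies.items()}
    votes = Counter(a for a in answers.values() if a is not None)
    winner, count = votes.most_common(1)[0] if votes else (None, 0)
    if count < quorum:
        return None, sorted(answers)  # fail closed: contact no update server
    return winner, sorted(n for n, a in answers.items() if a != winner)
```

Exact set equality is the strictest comparison; names served from a CDN can legitimately resolve differently per resolver, so a dissenting reply is a signal to investigate rather than proof of tampering.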
