Comment by spiffyk
1 day ago
Alright so the article's tl;dr says to not use DoH as it merely reduces the number of peepers to one (which firstly is a good thing and secondly also offers protection against UDP spoofing attacks)... then goes on to recommending DoT, which would suffer from the exact same (non-)issue, but also actually gets to the actual problem with DoH, which is that the HTTP part has no business being there and increases complexity, which I as a former DNS resolver implementor wholeheartedly agree with!
Why discredit the whole post by adding an irrelevant tl;dr?
> also actually gets to the actual problem with DoH, which is that the HTTP part has no business being there and increases complexity, which I as a former DNS resolver implementor wholeheartedly agree with!
But that part is wrong too. The HTTP part has a very important reason to be there: because if it weren't, middleboxes would block the traffic.