← Back to context

Comment by mcpherrinm

18 hours ago

The most important part of DoH, etc is that it allows you to make a choice. You can choose a vendor in your country. As a Canadian, I might want to use the service offered by my national TLD operator https://www.cira.ca/en/canadian-shield/configure/firefox/

Many ISPs explicitly sell DNS data, and are also advertising vendors.

Cloudflare, on the other hand, doesn’t share or sell data and retains minimal data: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns...

4 comments

mcpherrinm

Reply
mlhpdx  16 hours ago

> The most important part of DoH, etc is that it allows you to make a choice.

So does UDP based DNS, and TLS based DNS. It’s all the same in that regard.

  • josephcsible  16 hours ago

    With insecure DNS, the choice isn't meaningful since your ISP will see all of the data no matter which DNS server you pick to use. And those kinds of ISPs will probably block DoT because they want to keep seeing it all, but they can't block DoH.

    • mlhpdx  15 hours ago

      I put my DNS service on a non-standard port. I’m the only one using it so standards be damned. Windows doesn’t allow setting a nonstandard port for DNS, but pretty-much everything else does.

      Do ISPs do deep packet inspection to get lookup data? Maybe, but it increases the cost of doing so and makes the business aspect of it less viable. Perhaps a minor win.

      1 reply →