On 12/04/2020 14:39, to...@tuxteam.de wrote:
On Sun, Apr 12, 2020 at 07:33:51AM -0400, Gene Heskett wrote:
[...]
I don't either, but at some point in an https environment, it seems to me
that a dns lookup is going to have to be translated into a plain dns
lookup.
No, that's not how it works. When the browser wants to resolve a
name, it doesn't "do" DNS (when it's doing DOH, that is) but uses
some "web-service-ish" protocol over https to some server out there
(cloudflare, e.g.) which does the resolution and answers via https.
Thus bypassing whatever scheme the sysadmin has set up for DNS.
I don't have polite words for that.
Cheers
-- t
Security has a lot to answer for.
It's amazing how much is done in this day and age, in _all_ walks of
life, in the name of so called security.
--
Michael Howard
