On 7/15/19 8:21 PM, Rob Sayre wrote:
> Mozilla's intent is to deploy a set of trusted recursive resolvers, as
> Ekr explained back in March on the DoH list:
>
> And also to supply a domain name that disables everything? That's what
> the draft does, right?

Although the draft talks about policy a lot, it is actually pure "mechanism". The draft makes it possible for the user (or user agent) to know something it did not know before: whether the local DNS resolver implements a policy. A user agent may decide to do different things with that piece of additional knowledge, but without the knowledge there's no opportunity for a decision to be made.

That's not saying everything's going to get turned off, but everything always turned on isn't ideal either.

To speak more concretely, right now some existing filtering DNS providers have ways for users to know if things are working as desired. OpenDNS has internetbadguys.com for example, and other providers have similar. These are useful, but would be more broadly useful if they weren't provider-specific. That's basically all this draft is proposing -- defining one canary domain to check instead of one for each provider.

-- Andy