Et donc Stéphane, à ton avis, il faut activer DNS over TLS, ou ça peut attendre 10 ans ? :)
> Le 26 juin 2018 à 11:55, Stephane Bortzmeyer <bortzme...@nic.fr> a écrit : > > Au fur et à mesure que le nouvel Android se déploie. > > --------------------------- > Liste de diffusion du FRnOG > http://www.frnog.org/ > > De: bert hubert <bert.hub...@powerdns.com> > Objet: DNS over TLS: slowly happening > Date: 26 juin 2018 11:09:55 UTC+2 > À: dns-operati...@dns-oarc.net > > > Hi everyone, > > [tl;dr enable DNS over TLS on your resolvers and CPE/modem if you can] > > As announced in > https://android-developers.googleblog.com/2018/04/dns-over-tls-support-in-android-p.html > Android "P" will attempt to talk DNS over TLS to its resolver by default. > > We've asked a few very large scale resolver operators (at service providers) > if they see this happening already and they confirm, but it is tiiiiiny. > > Among tens of millions of subscribers "dozens" of IP addresses attempt > connections to port 853 of resolvers. > > The reason this does not yet happen a lot is of course partly because > Android P is not widely deployed, but also because most service providers > now provision their modem/router/CPE/default GW as nameserver. > > And in fact, most of the attempts we have heard of come from mobile phones > on cellular networks, and not from home wifi. > > Anyhow, if you are planning DNS operations, be aware phones will start > attempting to talk 853 to your CPE. And if you are a mobile operator, expect > the same to happen on your resolvers. > > We are aware of at least one moderately large service provider that will > enable DNS over TLS on their resolvers. > > (Mobile) service providers that want to prevent their users from eventually > receiving the popup "your internet connection is not secure, use our private > lookup service?" may want to ponder doing the same. > > Bert > _______________________________________________ > dns-operations mailing list > dns-operati...@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-operations mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > > --------------------------- Liste de diffusion du FRnOG http://www.frnog.org/
