You might recommend that to me if running DNS tunnelled through another protocol was a thing I wanted to do.
But it's not. I think it's horrible Internet engineering hygiene, and I don't just not want to do it myself, I don't think anybody else ought to do it either. And I think that if end-users understood all of the concerns, they would agree with me on that - I get paid to know what end users would think. On October 3, 2019 10:28:37 AM EDT, Curtis Maurand <cmaur...@gmail.com> wrote: >Might I suggest using PowerDNS's dinsdist. it's an ha proxy that you >can >put in front of your recursors and It implements dns over https if you >want >it to. It's open sources and ensures that you're not limited to >Google's >or Cloudflare's servers which exist to drive advertising at you (I've >seen >infected ads pwn machines). I have much more paranoid reasons for >implementing, namely preventing 3rd parties from getting my histories. > >On Wed, Oct 2, 2019 at 5:28 PM Jay R. Ashworth <j...@baylink.com> wrote: > >> ----- Original Message ----- >> > From: "John Levine" <jo...@iecc.com> >> >> > In article ><804699748.1254612.1570037049931.javamail.zim...@baylink.com> >> you >> > write: >> >>Tools. Are. Neutral. >> >> >> >>Any solution to a problem that involves outlawing or breaking tools >will. >> >>Not. Solve. Your. Problem. >> > >> > I think in the outside world you'll find very little support for an >> argument >> > that filtering DNS is fundamentally broken. >> > >> > Sure, you can do it in broken ways, but it's going to be really >hard >> > to persuade anyone that their lives are better if they have >unfiltered >> > access to the malware links in their spam. >> >> I expect I would. >> >> But this is not "filtering DNS". It's "making a bodge-handed attempt >to >> REPLACE DNS (well, proxy it) for only one application/layer". >> >> My problem isn't what they're using it for; it's that they've >implemented >> it so poorly. >> >> I live down here in the trenches, John, where "it doesn't work" is >the >> calibre >> of problem reports I get. When my tools say that "yes, it does", >*I'm* >> the one >> who takes it in the nads because Mozilla had a Better Fuckin' Idea. >> >> That it will likely cause lots of 50,000ft problems to is just a >cherry on >> the >> top. >> >> Cheers, >> -- jra >> >> -- >> Jay R. Ashworth Baylink >> j...@baylink.com >> Designer The Things I Think >RFC >> 2100 >> Ashworth & Associates http://www.bcp38.info 2000 Land >> Rover DII >> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 >647 >> 1274 >> > > >-- >--Curtis -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
