Firefox turns on DNS encryption

Firefox now defaults to DNS-over-HTTPS for US netizens and some are dischuffed about this
Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet

So despite your knowledge and the fact that companies have been providing public DNS servers for well over a decade, you still want to spread FUD about how this increase in security will lead to a single DNS provider's dominance?

You do get that the vast majority of DNS requests are already centralized today into the hands of a few large ISPs, right? Except for those folks who actively choose to change their DNS provider? Something you can still do in the era of DNS over HTTPS?

The BBS is not the place for you if you 1) do not want your statements challenged or 2) do not wish to be subjected to snark. Apologies if that is disappointing.


I don’t have a fixed opinion on whether this is a good idea overall, but I do find it highly fishy that it’s being spun as a no-brainer like HTTPS.

With HTTPS, some of the mooted security benefits are questionable – particularly when it comes to certificates – but it never makes you less secure. Browser makers are within their rights to force you to use HTTPS, because there’s no case where that’s the wrong decision.

But the situation with DNS is not that simple, and taking this decision on behalf of the general public is overreaching. Forcing encrypted DNS doesn’t just mean your lookups are encrypted over the wire; it also means you have to use a different DNS infrastructure, which is not a neutral decision in security, technical or political terms.

Right now, it means forcing everyone to depend on the privately-owned 1.1.1.1 and 8.8.8.8, instead of the hordes of independent, heterogeneous systems that make up “traditional” DNS. Even if you cross your fingers that it’s a temporary arrangement, that’s still a big decision to make unilaterally on the world’s behalf.

The argument is that by forcing the issue, ISPs and corporate networks will all start supporting encrypted lookups on their own nameservers, so it’ll be just like now except lookups will be private even on cafe wifi. But I think it’s equally plausible that those smaller operators will say “running nameservers is a thankless PITA, and everyone’s using 8.8.8.8 now anyway, so let’s just leave it”, and then Google owns DNS forever (on behalf of its ad business, not you).

Then again, perhaps governments will force ISPs to implement encrypted DNS – and block third-party nameservers – since regulating DNS is their go-to means for blocking and monitoring traffic (as Garbage Island does with torrent sites), and they won’t want to lose that power.

My instinct is that the whole concept of DNS needs review, but the current tech industry thinking (“let Google run it all”) is a staggeringly bad idea, and until that changes, we are better off with the surprisingly-viable status quo.

