Why big ISPs aren’t happy about Google’s plans for encrypted DNS
-
DNS over HTTPS will make it harder for ISPs to monitor or modify DNS queries.
When you visit a new website, your computer probably submits a request to the domain name system (DNS) to translate the domain name (like arstechnica.com) to an IP address. Currently, most DNS queries are unencrypted, which raises privacy and security concerns. Google and Mozilla are trying to address these concerns by adding support in their browsers for sending DNS queries over the encrypted HTTPS protocol.
...
The telecom industry letter is confusing because it mashes together two different criticisms of Google's DoH plans. One concern is that switching to encrypted DNS would prevent ISPs and others from spying on their users. The other is that, in the process of enabling DoH, Google will switch millions of users over to Google's own DNS servers, leading to a dangerous concentration of control over DNS.
-
Let's just have one big index website and give it an IP 1.1.1.1
and this page will have a table of all the sites you want to visit like mangolassi and it is IP and you click on the IP.
and problem solved.I should be working at Internet Engineering Task Force.
And if you wish to update record, you just send snail mail to prove you are really whom you say you are, cause no one will go to the burden of actually sending mail with stamps and in 3-4 weeks it will get updated.
-
I will grant them a bit on the Google being the main source of DNS being a problem... but that's easily solvable - others just need to start offering DOH.
Though, considering the purpose of DOH, it really should only be those who aren't looking to gather information from your data - which we all know Google is specifically about - and seems like ISPs are too.
I wonder if Cloudflare is in the data business as well?
-
Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.
-
@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.
I have PiHole setup at my residence and funnily enough there are a lot of things that are free like (PBS streaming) which isn't available because they are required to have access to your info. . .
-
@DustinB3403 said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.
I have PiHole setup at my residence and funnily enough there are a lot of things that are free like (PBS streaming) which isn't available because they are required to have access to your info. . .
Weird. I've not seen any of those yet, but wow.
-
@scottalanmiller Yeah the services depend on doubleclick etc, so if you have those blocked, then you're SOL for using those streaming services. I was kind of pissed about it. .
-
@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.
This does nothing to hide it. It only centralizes the "device" requesting the DNS.
Edit: And if you host it externally, then your ISP still sees your DNS.
-
@JaredBusch said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
Add a PiHole to hide a lot of your DNS activity. Not all, by any means, but it greatly reduces it.
This does nothing to hide it. It only centralizes the "device" requesting the DNS.
Edit: And if you host it externally, then your ISP still sees your DNS.
And caches, so it only knows that something has been looked up, but not how often.
-
@JaredBusch said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
Edit: And if you host it externally, then your ISP still sees your DNS.
Good point. Hides it from one place, but exposes to another.
-
PiHole can do DNS over HTTPS if you configure it (for its own lookups, not your lookups to it.)
-
@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
PiHole can do DNS over HTTPS if you configure it (for its own lookups, not your lookups to it.)
Not a default setting in the GUI last tie I looked. /looks at link, yup not a default thing yet.
Good to exist, but until it is native, adoption will be low.
-
It's still a nascent tech.
-
Why not set this up to make all of your dns queries
-
@Obsolesce how does that help when I do 99% of my lookups from a desktop?
-
@Obsolesce if I did that, it would bypass my PiHole and put all kinds of crap back into my pages on my phone slowing it down. That would suck.
-
@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
@Obsolesce if I did that, it would bypass my PiHole and put all kinds of crap back into my pages on my phone slowing it down. That would suck.
It is at least a simple DNS privacy option when you are not at home. But I found it mostly useless.
-
@DustinB3403 said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
@scottalanmiller Yeah the services depend on doubleclick etc, so if you have those blocked, then you're SOL for using those streaming services. I was kind of pissed about it. .
Yup, CBS does this as well.
-
@scottalanmiller said in Why big ISPs aren’t happy about Google’s plans for encrypted DNS:
@Obsolesce if I did that, it would bypass my PiHole and put all kinds of crap back into my pages on my phone slowing it down. That would suck.
All of our edge devices are set to block DNS queries from anywhere but the local DNS server. So, no avoiding it.
-
Ugh: https://support.umbrella.com/hc/en-us/articles/360001371526-Web-Browsers-and-DNS-over-HTTPS-default
Cisco/Umbrella/OpenDNS instructions to block DoH.
