| ▲ | Bender 4 hours ago | |
To me this feels like turtles all the way down. Ultimately who owns and controls the layer-4 proxies and DoH servers matters and can easily get into turtle arguments. Who controls the certs controls the mathematical obfuscation (encryption) also matters. Pieces of the puzzle can be shared and recombined at any time. Me personally, I will stick with running my own DoH servers and thus I need not run any turtles (layer 4 proxies) in the middle of my already encrypted connections. Anyone running Unbound DNS can enable DoH if Unbound was built including '--with-libnghttp2' which the Alpine Linux version has. At the moment my browser is talking to Unbound over DoH on my local network so I get the advantages of ECN but I can easily switch it to any server where I have installed Unbound. Ultimately DNS at some point will be unencrypted UDP port 53 so I would rather it be me that determines where that happens so I can optimize my own cache and pre-cache cron jobs to mask my DNS behavior, but that's just me. Others can do whatever they want, as they should. The people that operate my ISP are bigger deviants than I and they know that I know that they know that I know this. Oh and as a funny side note, I can warm up cache on entirely unrelated nodes and then transfer the cache export to any node and keep it valid on that node as long as I wish making the vast majority of my DNS requests respond in less than 700 nanoseconds not that I am in any hurry. | ||