Subj : FidoGazette Vol 12 no 14 Page: 3
To : Richard Menedetter
From : mark lewis
Date : Fri Apr 06 2018 17:09:40

On 2018 Apr 06 10:59:24, you wrote to me:

 JK>>> "If you switch [your DNS (jk)] to 1.1.1.1, then that ledger of
 JK>>> where you're going online is not being kept by your ISP," Matthew
 JK>>> Prince, CEO of Cloudflare, said in an interview.

 ml>> anyone in the path between your system and 1.1.1.1 can easily sniff
 ml>> the traffic flowing through and gather the information on what domain
 ml>> you're looking up and the return response from the DNS server...

 RM> They are referring to their DNS over HTTPS.

no, that'll come later... for now, what they're talking about is the initial and actual 1.1.1.1 DNS service... the article stated that by using 1.1.1.1 it will prevent others from sniffing out your DNS lookup details... that is patently wrong...

 RM> You can sniff that on the way, you cannot read it as it is encrypted.

right but that comes later down the road... maybe...

 ml>> DNS is all in the clear and the only way for it to not be is to use
 ml>> some sort of encrypted tunnel from one end to the other...

 RM> Exactly, and that is what they are advertising (among other things).

yep... the article spoke of three things...

1. their new 1.1.1.1 open DNS service
2. the possible implementation of DNS over HTTPS
3. their standard proxy/caching service

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
.... Be more or less specific.
---
 * Origin: (1:3634/12.73)