Quick question about DNS and DoH that I thought about after reading this post:

https://packmates.org/@[email protected]/111176886781705659

Wouldn’t it make sense for Firefox or another third party to bundle and transparently forward all DoH requests to Cloudflare so that:

A) Cloudflare doesn’t know who made what request due to not knowing the origin

B) Firefox doesn’t know who made what request due to TLS

#Infosec #Privacy
CC: @privacyguides

  • phanto@lemmy.ca
    10 months ago

    I have a mini PC that is always on that runs my NTP and DNS, and its upstream DNS is Quad9 out of Switzerland (9.9.9.9). I tend toward the same usage patterns daily, and about a third of my requests never leave my home DNS to get resolved.

    • peregus@lemmy.world
      10 months ago

      The TTL nowadays is about 3600 seconds, so I think that at about that rate your DNS server would flush stored entries every hour one by one and ask 9.9.9.9 for an update. That’s basically how every DNS server works (and I guess that even the ones embedded in routers work like that, with caching). Is your setup different? If yes, in which way? Thanks

      • phanto@lemmy.ca
        10 months ago

        I set it up a long time ago, so I don’t honestly remember. I followed some guide, and did a few domain redirects to point at stuff on my home network and to shut Zuck out of my life, but I didn’t do anything crazy. So, I doubt it, but I don’t know.
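The exchange above (a local caching resolver forwarding to 9.9.9.9, 3600 s TTLs, and a few local domain overrides) as a small simulation; this is added example code, not something posted in the thread, and `fake_upstream`, the override list and the browsing pattern are constructed stand-ins.

```python
from dataclasses import dataclass

# Constructed model of a home caching forwarder: repeated lookups are answered
# from cache until their TTL expires, names in the override table never leave
# the network (the "domain redirects" in the thread), everything else is
# forwarded to the upstream resolver. We count how many queries go upstream.

@dataclass
class CacheEntry:
    answer: str
    expires_at: int  # absolute time in seconds

class CachingForwarder:
    def __init__(self, upstream, overrides=None, ttl=3600):
        self.upstream = upstream          # callable: name -> (answer, ttl)
        self.overrides = overrides or {}  # names answered locally, never forwarded
        self.default_ttl = ttl
        self.cache = {}
        self.forwarded = 0
        self.total = 0

    def resolve(self, name, now):
        self.total += 1
        name = name.rstrip(".").lower()   # normalise "Lemmy.ca." and "lemmy.ca"
        if name in self.overrides:
            return self.overrides[name]
        entry = self.cache.get(name)
        if entry and now < entry.expires_at:
            return entry.answer            # cache hit: nothing leaves the house
        answer, ttl = self.upstream(name)  # cache miss or expired: ask upstream
        self.forwarded += 1
        self.cache[name] = CacheEntry(answer, now + ttl)
        return answer

    def local_hit_ratio(self):
        return 1 - self.forwarded / self.total if self.total else 0.0

def fake_upstream(name):
    """Stand-in for 9.9.9.9 (constructed): a TEST-NET address and a 3600 s TTL."""
    return f"203.0.113.{len(name) % 256}", 3600

def simulate_day(forwarder, pattern, hours=24):
    """Replay the same browsing pattern once per hour; return the local-hit ratio."""
    for hour in range(hours):
        for name in pattern:
            # +1 s so last hour's entries have just expired, as the thread assumes
            forwarder.resolve(name, now=hour * 3600 + 1)
    return forwarder.local_hit_ratio()
```

With a pattern that repeats names inside the hour and blocks one domain locally, roughly half of the queries never reach the upstream resolver, which is the effect phanto describes.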