DoH on FF or Chrome

Good or bad?

6 replies to this topic

#1 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,790 posts


Posted 30 November 2019 - 09:46

Any comments, e.g. on opt-in or opt-out...

Hardware: Vu+ Uno 4K SE - Vu+ Duo 4K - Fuba 78 cm - Tripleblock LNB Quad 19.2/23.5/28.2 - DS918+
Software: OpenPLi - OSCam - Settings van Hans - Autotimer - EPGImport

Remember: Upvote with the rep-up button for any user/post you find to be helpful, informative, or deserving of recognition!

Many answers to your question can be found in our new and improved wiki.

Note: I do not provide support via PM!


Re: DoH on FF or Chrome #2 WanWizard

  • PLi® Core member
  • 68,528 posts


Posted 30 November 2019 - 14:15

DoH?


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Pro (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: DoH on FF or Chrome #3 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,790 posts


Posted 30 November 2019 - 19:13

Sorry, you're right, so let me enlighten you: Firefox is now actively rolling out DNS over HTTPS (DoH): https://support.mozi...lication-dnsnet. The DNS server they prefer will not be the one from your provider, but Cloudflare in FF. Although encrypting your DNS requests seems a good thing, for instance in reducing the risk of a man-in-the-middle attack, letting your browser choose a DNS server for you might not be, as it provides this server with a huge amount of data.



Re: DoH on FF or Chrome #4 WanWizard

  • PLi® Core member
  • 68,528 posts


Posted 30 November 2019 - 19:27

Ah, I was thinking Homer Simpson. ;)

I won't use it, as I use both a local DNS server (for local/internal domains) and a local hosts file to be able to override DNS (when I'm testing). Apart from all the privacy concerns, but that is currently already an issue with using Google or Cloudflare DNS...




Re: DoH on FF or Chrome #5 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,790 posts


Posted 30 November 2019 - 19:43

LoL, :D




Re: DoH on FF or Chrome #6 Erik Slagter

  • PLi® Core member
  • 46,951 posts


Posted 14 December 2019 - 10:30

I don't see the advantage there? Replacing one villain with another?

A MITM attack is prevented by DNSSEC, but it's just as popular as IPv6 :huh:

Best way is to run your own DNS server and have it bypass your provider's DNS server; make it query the root servers.

On the other hand, I myself am not very secretive about what DNS records I am fetching. You should know that about 75% of all DNS requests are not under your control but are e.g. the result of fetching an HTML page which contains lots of referrals to third parties (think spammers, trackers, etc.). So one can never be held responsible for obtaining a certain DNS record.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: DoH on FF or Chrome #7 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,790 posts


Posted 14 December 2019 - 12:16

> Best way is to run your own DNS server and have it bypass your provider's DNS server, make it query the root servers.

That is my conclusion also, after considering the following:

With encrypted DNS, the DNS requests to and from the upstream provider are not visible to your ISP or others, and the reply you get is the answer that was sent, as it travels an encrypted path. However, you have to trust the upstream provider with your DNS history, and to not filter or alter any of the DNS replies it sends you. Additionally, even though your ISP cannot see the DNS requests, you will immediately follow the DNS reply with an unencrypted request to that IP address, and your ISP can quickly determine where you are browsing ;)

So I use unbound; this way you avoid upstream providers completely, and this local resolver (unbound) deals directly with the authoritative name servers (the same ones the upstream providers use). The DNS traffic is not encrypted, but it is authenticated with DNSSEC, so the reply you receive is validated as being the answer that was sent.

Unbound uses a few techniques to send as little data to the name servers as possible and to maximize your privacy; qname minimisation is one method. Since you communicate directly with the authoritative name servers, the replies are not filtered in any way. Unbound also has a very efficient cache, so after it's been in use for a while it does not have to communicate with the name servers as often. Most users find that unbound is typically faster overall than using an upstream provider, once the cache is populated.

So for these reasons, I prefer unbound to encrypted DNS:

  1. No upstream DNS provider has your DNS history.
  2. The results are unfiltered.
  3. You have equal assurance that the DNS traffic has not been altered in transit.
  4. There is no less privacy from the ISP.
  5. Generally faster.
  6. I have complete control over my DNS resolver.

The last one I think is the most important to me, and for those who want privacy, I would recommend a VPN service ;)


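Added example (editor's note, not code posted in this thread and not part of OpenPLi): one unbound.conf that puts the advice from the thread into practice. It is the set-up #6 and #7 describe (a local recursive resolver that talks to the root and authoritative servers itself, with DNSSEC validation, qname minimisation and a cache, and no forward-zone, so no upstream provider), it serves the local/internal names and hosts-file style overrides #4 wants, and it answers NXDOMAIN for the Firefox canary domain use-application-dns.net described in the Mozilla article linked in #3, so Firefox on that network does not switch itself to DoH. The unbound version (1.9 or later), the file paths, the LAN range 192.168.1.0/24, the listening address 192.168.1.1, the zone name home.lan and every host name and address in it are assumptions for illustration.

```conf
# /etc/unbound/unbound.conf -- added example for this thread, not OpenPLi code.
# Validating, recursive, caching resolver. There is deliberately no
# forward-zone: queries go from here to the root and authoritative servers.
# ASSUMED: unbound 1.9+, the paths below, LAN 192.168.1.0/24 with this box at
# 192.168.1.1, and a private zone "home.lan" (all hypothetical).

server:
    # Listen on loopback and the LAN side only; refuse everything else.
    interface: 127.0.0.1
    interface: ::1
    interface: 192.168.1.1
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Recursion starts at the root. unbound ships built-in root hints, so this
    # line is optional; a fresh copy comes from https://www.internic.net/domain/named.root
    # root-hints: "/etc/unbound/root.hints"

    # DNSSEC validation. Create the trust anchor once with
    #   unbound-anchor -a /var/lib/unbound/root.key
    # unbound then keeps it current by itself (RFC 5011 rollover).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes   # SERVFAIL when a signed zone arrives without signatures
    harden-glue: yes
    harden-below-nxdomain: yes
    val-clean-additional: yes
    aggressive-nsec: yes          # synthesise NXDOMAIN from cached NSEC; fewer queries leave the box

    # Send as little as possible to the authoritative servers.
    qname-minimisation: yes       # each server only sees the labels it is responsible for (RFC 7816)
    hide-identity: yes
    hide-version: yes
    minimal-responses: yes

    # Spoofing resistance on the (cleartext) path to the authoritatives.
    use-caps-for-id: yes          # 0x20 case randomisation of the query name
    unwanted-reply-threshold: 10000

    # Cache: popular records stay warm instead of being re-fetched.
    msg-cache-size: 64m
    rrset-cache-size: 128m
    prefetch: yes
    prefetch-key: yes
    num-threads: 2

    # DNS rebinding protection: public names that resolve into private address
    # space are dropped, except for our own private zone.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: fd00::/8
    private-domain: "home.lan"

    # Local/internal names (what a separate local DNS server or a hosts file
    # would otherwise provide), answered without ever leaving the box.
    local-zone: "home.lan." static
    local-data: "router.home.lan. IN A 192.168.1.1"
    local-data: "nas.home.lan.    IN A 192.168.1.10"
    local-data-ptr: "192.168.1.10 nas.home.lan"

    # Hosts-file style override of one public name while testing. "transparent"
    # means every other name under it still resolves normally.
    local-zone: "test.example.com." transparent
    local-data: "test.example.com. IN A 192.168.1.50"

    # Firefox canary domain (Mozilla article linked in #3): an NXDOMAIN answer
    # tells Firefox on this network not to enable DoH on its own.
    local-zone: "use-application-dns.net." always_nxdomain

remote-control:
    control-enable: no
```

Check the file with `unbound-checkconf` before (re)starting the service. Once it runs, `dig @127.0.0.1 +dnssec example.com` should carry the `ad` flag (validated), `dig @127.0.0.1 dnssec-failed.org` should return SERVFAIL (a deliberately broken zone), and `dig @127.0.0.1 use-application-dns.net` should return NXDOMAIN. The trade-off the thread spells out still applies: the queries to the authoritative servers cross the ISP's network in cleartext and each authoritative operator sees this resolver's IP; qname minimisation limits what any single one of them learns but does not hide the traffic.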


