DNS over HTTPS (and all its friends & relations)

Due to the pervasive unpreparedness of users, applications, operating systems, and protocols, DNS has become an essential control point for “cyber” security. Most networks have a mix of legacy, modern, safe, and unsafe devices attached to them, and this condition won’t change as quickly as the BeyondCorp initiative might suggest. However, DNS is also an important control point for authoritarian regimes, and so “bypass” innovation is continuous, rapid, and ambitious. Here, Dr. Vixie pays special attention to the “bypass” innovation called the “DNS over HTTPS” or “DoH” protocol, now being strongly pushed by Mozilla, Cloudflare, and others, and outlines its problems and risks. In addition, brief mention is made of IRTF Resolverless DNS.

Source: vBSDcon – Paul Vixie