conference logo

Playlist "DENOG11"

A Wider Shade of DoH

Peter Koch

We will look into the topic of encrypted DNS, the mesh of interests, concentration on the Internet, dramatic power shifts and long term architectural and policy consequences.

DoH (DNS over https) had been a joke amongst engineers - cynically admitting
that "everything" is going to be "tunneled thru" http anyway - long before
standardization efforts were launched in the Internet Engineering Task Force (IETF).
Consequently, the specification is lean and straightforward, but the idea
faced significant pushback from operations and security communities.
In parallel, the DNS community in the IETF has been developing two more
DNS encryption standards to address "pervasive monitoring". One of the two,
DNS over TLS (DoT) is gaining attention and support, but the big question
arising is whether the concept of "operating system" can survive the ever
growing prevalence of "apps" and whether the name resolution is a function
that should be controlled by the device owner, the enterprise network manager
or the app vendor.

At the same time, DoH accelerates the concentration in the DNS resolver
market - a "market" that had only recently emerged and appears to transform
a highly distributed technical function into an oligopoly with, in perspective,
significant influence over the shape of the DNS namespace.

It's time to differentiate between the technology, the policy and the
economics and to stop barking the wrong tree(s) when it comes to assessing
the bigger picture effects of "DoH" as proposed by the browser industry.