[dns-operations] Introducing DNSCrypt
Bill Owens
owens at nysernet.org
Tue Dec 6 19:15:40 UTC 2011
On Tue, Dec 06, 2011 at 01:44:47PM -0500, Paul Wouters wrote:
> On Tue, 6 Dec 2011, Bill Owens wrote:
>
> >I'm having difficulty understanding the value of encrypting one's DNS
> >query stream. It doesn't provide any meaningful privacy improvement, and I
> >can't see what else it would do.
>
> starbuck wifi.

I understand the risk of snoopable networks; I just don't see the benefit of encrypted DNS traffic. I can have this sort of conversation:

client -> RDNS DNS standard query A www.facebook.com
RDNS -> client DNS standard query response A 66.220.147.11
client -> 66.220.147.11 TCP 64982 > 80 [SYN] Seq=0
. . . etc

Or I can have

client -> RDNS <some encrypted traffic>
RDNS -> client <some more encrypted traffic>
client -> 66.220.147.11 TCP 64982 > 80 [SYN] Seq=0
. . . etc

Either way it's pretty clear what I'm doing, right?

Bill.