[dns-operations] Detecting DNS hijacking (Was: new public DNS service: 9.9.9.9
Jeremy Harris
jgh at wizmail.org
Tue Nov 21 12:16:48 UTC 2017
On 21/11/17 11:36, Stephane Bortzmeyer wrote:
> The proper solution is
> DNS-over-TLS (RFC 7858), which Quad9 deploys (Google should, too).
Would one, as a client, also need to enforce certificate pinning
to assure authentication of the 9.9.9.9 you're talking TLS to?
In these days of TLS MITM and so on...
--
Cheers,
Jeremy
More information about the dns-operations
mailing list