[dns-operations] need ideas for selective proxying to defeat the economic poison pill built into DOH
Paul Vixie
paul at redbarn.org
Thu May 16 05:46:20 UTC 2019
On Monday, 13 May 2019 02:31:31 UTC Grant Taylor wrote:

> There's always a TCP Reset and then not interfering with the next
> packets between the two IPs.

this is the most interesting idea i've heard, and i'm thinking hard about it.

the second most interesting idea i've heard is dnsfire:

https://github.com/wupeka/dnsfire

the holy grail is, listeners who don't support DOH (the /dns-query URI) should
be rewarded by not having their traffic decrypted at my network edge, and i
never have to force a TLS downgrade on my clients. this requires some kind of
selective proxying. i don't think that's simple. does anyone?

--
Paul