DNS over HTTPS: things to consider when you go “private”


but for the average home / SoHo user, the former isn't relevant, and the latter should be obvious,
The 'average' home/SoHo user generally has very little experience and is a consumer of services.

However, the average home user with a family that relies on access controls for web destinations should be interested: if DoH is being used and enables a way that circumvents these mechanisms. Plus these mechanisms would also have to use DoH/DoT too: once the client device has their securely-got-IP, the mechanism will have to inspect the request for the payload's URL, and reverse DNS the packet's dst IP, otherwise any hiding will be exposed via traditional DNS.

DoH isn't going to be that much of an issue with most businesses. There're already proxy services, whether onsite or cloud, that will enforce use of intermediate SSL certificates for internal users. These then facilitate the proxy inspecting any and all requests. Doing this requires quite a bit of oomph hardware-wise but it'll have to become commonplace.
 
Well said, Fred.

My point was that the objections that enterprises have against DoH (that were the main argument in the ZD article linked) don't really apply to the average home/soho user.

Though I wasn't thinking about its nefarious use in either a business or a home context (e.g. moody teenagers) :)
 
Though I wasn't thinking about its nefarious use in either a business or a home context (e.g. moody teenagers) :)
I deleted a bit I was going to add about ISPs holding the account holder responsible for what happens from their connection and used 'nefarious' ... had to double check if I'd left it in :)

I'm wondering if DoH will have a serious impact on HTTPS use, where to track the DoH section within HTTPS then all HTTPS will have to be inspected. Hands up who wants to pull in a virus ... no-one, ok so that lightweight DNS-based mechanism is now useless.

Is DoH (hiding DNS in HTTPS) analogous to having to do 100% population surveillance to identify a few terrorists?
 
