Encrypted DNS

Posted May 20, 2025 20:41 UTC (Tue) by sionescu (subscriber, #59410)
In reply to: Encrypted DNS by dskoll
Parent article: Red Hat Enterprise Linux 10 released

> that's a game of whack-a-mole

For the moment it's much easier than one might think because the DNS endpoints (or any mechanism for bootstrapping such a list) need to be well-known.

Encrypted DNS

Posted May 20, 2025 20:47 UTC (Tue) by dskoll (subscriber, #1630) [Link]

The DNS endpoints need to be known to the specific device that's using DNS-over-HTTP.

I would not put it past "Smart TV" manufacturers, for example, to run their own servers that are known only to their devices. Sure, there's a small risk that the endpoints could become unmoored from the servers if the server IPs change before the endpoints can be updated, but as long as one of the IPs keeps working, the endpoints can always get the new list.