<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">Hi, all</span></p>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">Last Tuesday, Sai and I went to a meetup at New York University. The topic was “Operating System as Dumb Pipes”. The
 speaker was Dr. Paul Vixie. He is the CEO of Farsight Security and the creator of BIND—the famous open-source DNS server.</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black"><o:p>&nbsp;</o:p></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">At the beginning, he mentioned how a DNS query works and pointed out that recursive DNS servers are where many
 bugs exist, and that there may also be compromised DNS servers. If so, the user may get a wrong IP address returned and be redirected to another website (advertisements, for example).</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black"><o:p>&nbsp;</o:p></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">Another thing is that ISP vendors may eavesdrop on our DNS queries. Thus, they can know our browsing history, and
 user privacy is leaked here.</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black"><o:p>&nbsp;</o:p></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">The key point of the above two cases is that the communication between the user's client and the DNS server is
 transmitted in plaintext. As a result, people at each node on the link can tamper with the content.</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black"><o:p>&nbsp;</o:p></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">The solution discussed next was DNS-over-HTTPS (DoH). It is a DNS protocol transmitted over HTTPS, which means our DNS
 query is encrypted. Indeed, it is safer. But it also brings more problems. First, DoH providers are third-party vendors. What if these vendors collect data and enhance their ability to listen to the Internet? Second, to really implement such a technology, these
 vendors have to negotiate a lot of things with the government. </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black"><o:p>&nbsp;</o:p></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">To summarize, DoH is the actual answer to the actual problem. It is suggested that all ISPs use DoH.</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black"><br>
</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">Thanks,</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif">
<span style="font-size:11.0pt;font-family:Times;mso-fareast-font-family:
&quot;Times New Roman&quot;;mso-bidi-font-family:&quot;Times New Roman&quot;;color:black">Jiahan Liu</span></p>
&nbsp;</div>
</body>
</html>