[cs615asa] Meetup

Jiahan Liu jliu120 at stevens.edu
Sun Mar 8 16:15:30 EDT 2020


Hi, all


Last Tuesday, Sai and I went to a meetup at New York University. The topic was “Operating System as Dumb Pipes”. The speaker was Dr. Paul Vixie. He is the CEO of Farsight Security and the creator of BIND—the famous open source DNS server.



From the beginning, he mentioned how a DNS query works and pointed out that recursive DNS servers are where many bugs exist, and also that there may be compromised DNS servers. If so, the user may get a wrong IP address returned and be redirected to another website (advertisements, for example).



Another thing is that ISP vendors may eavesdrop on our DNS queries. Thus, they can know our browsing history, and here user privacy is leaked.



The key point of the above two cases is that the communication between the user client and the DNS server is transmitted in plaintext. As a result, people at each node on the link can tamper with the content.



The solution discussed next was DNS-over-HTTPS (DoH). It is a DNS protocol transmitted over HTTPS, which means our DNS query is encrypted. Indeed, it is safer. But it also brings more problems. First, DoH providers are third-party vendors. What if these vendors collect data and enhance their ability to listen to the Internet? Second, to really apply such a technology, these vendors have to negotiate a lot of things with the government.



To summarize, DoH is the actual answer to the actual problem. It is suggested that all ISPs use DoH.


Thanks,

Jiahan Liu

