Re: [dns-privacy] Trying to understand DNS resolver 'discovery'

[Stephane Bortzmeyer <bortzmeyer@nic.fr>]

On Tue, Nov 26, 2019 at 12:35:13PM -0500,
 Phillip Hallam-Baker <phill@hallambaker.com> wrote 
 a message of 166 lines which said:

> 2) Admin/User Configured DNS
>     The client obtains the information to connect to a resolver through an
> Administrator or User configuration action. This may be inserting an IP
> address (8.8.8.8/1.1.1.1/etc) or some form of DNS label.
> 
> 3) Application/Platform Provider Configuration.
>     The application or OS platform can simply ignore user preferences and
> choose a DNS provider of its own liking.

Note that, for free software, there is no real difference between 2)
and 3). Someone can always change the source and recompile. (And there
is of course no real privacy without free software.)

> But please, assure me that we are not the brink of users being faced
> with pop ups asking them 'would you like to choose me as your DNS
> provider'.

Why not? But, anyway, the IETF does not do UI so it's not really our
job.

> Of these three models, I have always considered (1) to be a security
> hole.

I fully agree. *All* "automatic discovery of the DoH resolver" schemes
are broken by design and I really wonder why people keep suggesting
them.

> So what I see is a requirement for DNS resolver configuration. We
> already have rfc6763 to tell us how to get from a DNS label to an
> Internet service.  Albeit one that presupposes the existence of a
> resolution mechanism. I don't see it being problematic to use the
> local DNS to do this resolution provided that 1) we have the means
> to authenticate the connection and 2) we only use this mechanism
> once, to perform initial configuration.

I agree too. A simple _doh.MYDOMAIN.example/SRV request would
suffice. (Even better, HTTP should support SRV, but I digress...)