
SoylentNews is people

posted by martyb on Friday August 31 2018, @09:17AM
from the gotta-love-the-initialism dept.

As the DNS-over-HTTPS (DoH) secured domain querying draft creeps towards standardisation, Mozilla has run a test to see if applying encryption brings too heavy a performance penalty.

One somewhat-surprising outcome: for some queries, performance improved using DoH.

As Mozilla discusses here, run-of-the-mill DNS requests over DoH take a small performance hit.

However, the test team believes a six millisecond slowdown is acceptable, given that users get better security and privacy out of DoH.

The experiment found that from the billion DNS requests it gathered, “the slowest DNS transactions performed much better with the new DoH based system than the traditional one – sometimes hundreds of milliseconds better.”

[...] According to this paper, presented at Usenix earlier this month, interference with DNS is depressingly common.

That paper discovered 8.5 per cent of the networks the authors tested were intercepting DNS requests, and found a large number of networks using deprecated DNS software.

Mozilla's Patrick McManus (one of DoH's two authors) hypothesised two possible reasons for the speed-up.

[...] Another Mozilla developer, Daniel Stenberg, posted a list of DoH endpoints here. There are now three “big names” in the list, with PowerDNS launching its server last week.


  • (Score: 1, Interesting) by Anonymous Coward on Friday August 31 2018, @04:53PM (#728818)

    There's also the fact that this ill-thought-out garbage does an end run around any centralized DNS-based content filtering such as is used in a lot of businesses. (Or even home networks running PiHole or using OpenDNS content filtering or anything like that.) Not only that, but it WILL break intranets in networks using split-brain DNS. I bet dollars to donuts none of the stupid fuckers at shitzilla that approved this horse shit even knows what split-brain DNS is.

    The people that came up with this brain fart should be kept far away from computers for the good of humanity. DNS over HTTPs is a very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very very BAD thing. If you enable it you've just made yourself far LESS secure and opened yourself up to the very simple mass data collection that 100% GUARANTEED WILL HAPPEN on these servers.

    I have yet to regret moving away from Firefox when Australis was forced out to everyone. Perhaps it's time to begin migrating the client networks I support away from Firefox as well.

    Want to be secure? No DoH!

    Now before you tell me to calm down, yes, I know it's optional now and off by default. How many versions will pass before the current default off is changed to default on? I predict before Firefox 70 drops we'll see this bullshit turned on by default and pointing by default to Google's server.
