Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander2020-05-03 18:03:14
Mozilla Firefox
Alexander, 2020-05-03 18:03:14

DNS over HTTPS - why won't the provider see dns?

Good afternoon!
They write that there is a DNS function over https. They write that the provider, they say, will not see which site their client is accessing.
https://habr.com/ru/post/478012/
There right at the very beginning of the article.
And what prevents the same provider from muddiing some simple resolving type by ip-address to receive dns sites?
Or pr even the ip address of the requested sites will not see?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
L
Lynn "Coffee Man", 2020-05-03
@Lynn

Well, this is kind of stupid. Of course, the provider sees which IP the request is going to, and the domain in SNI usually fires.
But the goal of DoH is not at all this, but that the provider (and generally anyone) could not replace the DNS response. Well, and also so that he would not even know which domain you resolved.

Report
R
Ruslan, 2020-05-03
@msHack

in HTTPS tlc encryption when using tor or vpn, the provider will see nothing
tor itself cannot encrypt dns traffic, but DNS over HTTPS will help

Report
C
CityCat4, 2020-05-03
@CityCat4

Because you don't understand the principle.
DoH is a request that is sent over https to a previously known server that will resolve the requested name, ostensibly allowing the browser to access the blocked site. Actually it breaks even easier than non-DoH. Why?
Here is a diagram of how provider blocking works:
- The user enters www.linkedin.org in the browser
- The browser generates a DNS packet with a request for which IP from www.linkedin.org and sends it to the router, which sends it to the provider
- The provider scans the DNS packets , sees a request to www.linkedin.org and instead of sending this packet to the world, wraps it up on its own DNS, which instead of the IP line returns the IP of the stub with the inscription blabla blocked.
- The user gets a fig in full screen
Here is a diagram of how DoH works:
- The user enters www.linkedin.org in the browser
- The browser generates a DNS packet asking which IP from a pre-known server specified in the settings and sends it to the router, and that one to the provider
- The provider looks up the DNS- packets, sees a request to a certain site in tyrnet and skips the request
- The browser has established an encrypted connection with a previously known server and sent a request to it about what IP www.linkedin.org has
- The browser received a response and showed the user a tench The user
is basking in his coolness and thinks "oh, what a fine fellow I am, how I got ... l RKN." Although who is who here ... l - it's still to be seen :)
Firstly, everything
user requests go through one specific gate, which really pushes the gate administration to accumulate statistics (and then sell/give it to someone)
tricky nut there is a bolt with the corresponding thread

Similar questions
Z
zencd2012-09-07 16:48:27
Firefox does not update itself under Windows 2Reply
U
UnoUmo2015-12-08 09:51:01
Is there a Tab Manager for Google Chrome? 3Reply
X
xiko2015-12-08 18:15:56
Why does the copy function in FireFox disappear from time to time? 0Reply
S
SerDIDG2012-10-01 00:23:50
FileReader and application/zip file 2Reply
P
Paka2012-10-24 10:50:21
Firefox is buggy? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question