DoH plugin for BIND

Michael De Roover isc at
Sat May 2 07:35:24 UTC 2020

I don't live in the US myself, but from what I've heard it's actually 
among the least censored countries out there at the DNS level. Again, I 
don't consider it right to block content, at least if said content 
doesn't break local laws. If anything I'd like to actually retain my 
ability to bypass DNS blocks by simply changing my DNS server to a more 
favorable one. With DoH that would likely become much harder. Not to 
mention that HTTPS isn't the holy grail for bypassing that either. The 
Facebooks and Googles out there use HSTS to mitigate TLS stripping but 
that requires a list to be hardcoded in every web browser that supports 
it. It doesn't scale up at all. At that point we might as well go back 
to hosts files.

On 5/2/20 9:28 AM, Reindl Harald wrote:
> On 02.05.20 at 09:00, Michael De Roover wrote:
>> That's actually my biggest concern with DoH, ISP blocking. It doesn't
>> seem as obvious as it is with DoT, but deep packet inspection (DPI) is
>> already a thing. Don't expect an ISP that wants to block DoT to not
>> (want to) block DoH either. The crux of the problem at that point is not
>> the technology, it is the ISP's incentives. If the ISP wants to block
>> DoT for whatever reason, personally I'd consider it.. not exactly fine
>> but at least their right to do so. That's their decision to make.
> seriously?
> that seems to be some US attitude, no wonder what happens there with
> user attitudes like "but at least their right to do so"
> the ISP by definition has exactly one right: get money for his service
> which is described as "route and transfer every package, don't look at
> it, don't mangle it, you have no business about the content of my traffic"
Met vriendelijke groet / Best regards,
Michael De Roover
