Open-Xchange at DNS Events

Aug 5, 2019

events_blog

Part of my job as Presales Engineer at PowerDNS is to attend conferences which are related to DNS,to see the latest trends, and also discuss those topics with the community.

I recently attended 2 DNS events, one in Japan (DNSOPS.jp DNS Summer Day) and one in France (annual Day of the AFNIC Scientific Council).

This blog post is a summary of the various topics discussed during those events.

DNS-over-HTTPS (DoH): DoH is a hot topic these days in DNS. We have written about it recently on this blog (DNS-over-HTTPS, Firefox and DNS) and have also recently released a white paper on this topic.

DoH was discussed at those 2 events, and the generic consensus is that DoH by itself is good, as it brings encryption to DNS, which was one of the last protocols to still transit in clear text over the Internet. But there are some concerns about DoH: proponents argue that there's no need for the ISP to see the DNS requests of its customers, especially since some ISPs interfere with DNS, for instance answering to NXDOMAIN with fake answers, or blocking access to some domains by court order. DoH opponents argue that, while DoH is generally good, it falls short of topics such as addressing Enterprise DNS, ISPs not being able to help when a subscriber has issues (since DNS is provided by someone else), malwares and botnets using DoH to hide traffic, or DoH completely bypassing Parental Controls solutions - not to mention the centralisation of DNS queries to a very few (already powerful) actors.

Also, DoH as proposed means potentially giving Cloudflare or Google a complete copy of the world's DNS requests, whose wisdom is debatable.
There are ongoing discussions in the community to address the above points - PowerDNS is committed to DoH as we believe it's a good solution (with the aforementioned outstanding topics), and therefore we support DoH (as well as DoT/DNS-over-TLS) with our dnsdist DNS load-balancer/anti-DDoS solution.
And we encourage ISPs to deploy it withing their network, so that when a discovery mechanism for DoH has been completed, subscribers can use the ISP DoH server transparently.
The Google's Intra app for Android, which acts as a DoH client, now also includes PowerDNS' doh.powerdns.org DoH server.

 

DNS Flag Day 2020: PowerDNS is part of the "DNS Flag Day" initiative, along with fellow open-source DNS vendors ISC, NLNet Labs and CZ.NIC. The 2019 edition has been very successful (we presented on it at the DNSOPS.jp event), and another one is now being prepared for 2020. The topic for this year will be focusing on the problems with IP fragmentation of DNS packets.
As with this year's Flag Day, a key part of minimising the impact for end users will be for domain administrators to check that their Authoritative DNS servers comply - there is a tester on the DNS Flag Day web site, allowing you to see whether there's anything to change.

More details can be found on the DNS Flag Day web site, which is also available in Spanish, Chinese, Japanese and French.

 

About the author

Nico Cartron

Nico Cartron

Senior Sales Engineer

Categories

Related Articles

PowerDNS brings encrypted DNS capabilities onto routers for the...

Helps protect confidentiality and integrity of traffic in the first mile CPE (customer premise equipment) manufacturers,...

Chris Holder Jul 5, 2023

DNSdist as a router-ready solution

As you might have read, with the release of DNSdist 1.8, PowerDNS brings DNS encryption with DNS over TLS (DoT) and DNS over...

Bob Brandt Apr 12, 2023

Another great CloudFest has passed…

Last week, the Open-Xchange team was at Europa-Park in Rust, Germany for CloudFest 2023. It was a very different event to...

Thorsten Einig Mar 30, 2023

Production-ready PowerDNS Cloud Control available

DNS is one of the vital components of the internet, invisibly making the internet work for everyone for almost four decades....

Alexander ter Haar Dec 5, 2022