
Serverless DNS over HTTPS (DoH) at the Edge - kodablah
https://blog.stackpath.com/serverless-dns-over-https-at-the-edge-doh?
======
mtnGoat
I'm still trying to understand why this is useful or helpful? DNS is pretty
reliable and seems to be working well for decades.

~~~
pas
privacy, which is essential for security. currently your DNS requests are sent
in the clear. and even if DNSSEC sort of guarantees the integrity and
authenticity of the answers, it doesn't provide secrecy.

and yes, currently TLS (+SNI) leaks the domain name (server name in TLS
parlance), but there's work being done on that and it's very likely that in a
few years that leaky hole will be closed too.

~~~
mtnGoat
privacy is a valid reason, this makes sense.

------
ehutch79
How the hell is this serverless?

~~~
luhn
It's running on EdgeEngine, which is similar to Lambda@Edge.

~~~
fake-name
So....., someone else's server?

~~~
cddotdotslash
Yes, the exact same snarky comment that comes up every time someone brings up
the word "serverless." Anyone who is using this code base is probably smart
enough to connect the dots that yes, the code is running on some server
somewhere.

~~~
tyingq
When it first came to my attention, I assumed it meant "peer to peer" or
"all code runs locally". I don't feel like that's because I wasn't smart
enough. It is a fairly silly name.

------
Elof
Looks like this has the potential to be used as a way to domain squat. Or
maybe even hijack?

~~~
SahAssar
How? Pointing your resolver to something returning whatever has been possible
since DNS was invented. This changes nothing except that your ISP isn't able
to read/change responses.

~~~
Elof
The example in the article circumvents ICANN

~~~
shawnz
Right, which has always been possible by setting your own DNS server.

