Hacker News new | past | comments | ask | show | jobs | submit login

I think I agree with you, but also I think I feel the same way about generic computers. I’d say that outside of specialized use cases, the OS is the wrong layer to define DNS settings: the network is the correct layer. Because that means that as computers move between networks, they handle things like private zones.

That said, I also think that there’s no absolute truth for what constitutes a “specialized use case”. I think if I’m the operator of a network, or a computer, or a container, or an application, having it use custom DNS settings is up to me. And Firefox/Chrome enable that: the operator can change the setting to whatever they want.

Speaking to the default case, Firefox/Chrome moving towards DNS defined at the app layer smells painful to me as a network operator, but ISP DNS interception also smells to me, and for the normal consumer threat model and network topology, Firefox/Chrome using CloudFlare DNS is essentially pure win. Most consumer users aren’t on networks with split-horizon DNS, and most consumer users aren’t at risk from CloudFlare logging their DNS requests, even assuming they’re violating their published privacy policies.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact