Chris's Wiki :: blog/web/DNSOverHTTPSHeuristicsAndUs Comments
https://utcc.utoronto.ca/~cks/space/blog/web/DNSOverHTTPSHeuristicsAndUs?atomcomments
2020-03-23T16:54:58Z
Recent comments in Chris's Wiki :: blog/web/DNSOverHTTPSHeuristicsAndUs.

By David Brownlee on /blog/web/DNSOverHTTPSHeuristicsAndUs
<div class="wikitext"><p>I assume it would not be practical to require all externally registered names to be CNAMEs to domains under your control?</p>
<p>Then you could keep the split DNS for your domains but allow the external domains to go over DoH.</p>
</div>
2020-03-23T16:54:58Z

By Guus on /blog/web/DNSOverHTTPSHeuristicsAndUs
<div class="wikitext"><p>I'm probably missing the obvious here, but how about adding a DoH service to the existing DNS infra?</p>
<p>That would solve the most obvious cases (split-horizon stays intact, $browser /should/ prefer your servers, etc). Machines with some custom DNS setting will still have problems, but that should be the case now (without DoH/DoT).</p>
<p>Still better would be to get the internal/external routing to work seamlessly, of course (complex, I know).</p>
<p>Just my € 0.02.</p>
</div>
2020-03-13T10:25:41Z