ISC StormCast for Tuesday, September 10th 2019
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 10 September 2019
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Tuesday, December 10th, 2019 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich and the time I'm recording from Sevalde, Germany. |
| 0:13.4 | A couple times in this podcast I already talked about the relatively new DNS over HTPS protocol, some of the problems with this protocol, and also |
| 0:25.5 | how it's trying to protect your DNS queries from spying eyes. |
| 0:31.7 | Now one of the organization that has really been pushing the standard is Mozilla with its Firefox |
| 0:40.0 | browser and it has been an optional feature for quite a while now in Firefox. |
| 0:46.6 | Starting in September, Firefox will start to make DNS over HTTP the default in particular in the US. |
| 0:58.0 | So it will be rolled out in stages starting with users in the US. |
| 1:03.0 | And the way it's supposed to be configured is by default Firefox will use DNS over |
| 1:09.0 | HDPS and only if these queries fail, then it will |
| 1:13.4 | switch back to the traditional DNS API and will use the local Resolver. |
| 1:20.7 | Now the privacy issue here is actually not sort of a simple black and white issue. |
| 1:25.4 | Now in particular as a home user, and this is really sort of |
| 1:29.0 | more addressing home users, your DNS queries typically go to your ISP, and they are unencrypted |
| 1:37.3 | between you and your ISP. With DNS or HEPS enabled, all these queries will go to Cloudflare and on the path to Cloudflare, they are using HTTP, so they should be reasonably well encrypted. |
| 1:55.0 | In the end, it sort of comes down to who do you trust more, your ISP or Cloudflare. |
| 2:01.6 | Performance-wise, according to Firefox, the initial testing they have done by allowing people |
| 2:06.9 | to enable DNS or HTTP has shown that it works well enough, so we'll see how it goes once |
| 2:15.2 | they make it the default. According to Mozilla, there are also some additional conditions they're trying to take care of if, |
| 2:22.3 | for example, a user does use specifically configured DNS privacy scheme, something like |
| 2:31.3 | Open DNS or such that they will not use DNS or HDPS in those cases. |
| 2:37.0 | So it should only be used if you are using your default DNS provider. |
| 2:43.0 | Now as a system administrator, if you're concerned about this protocol, |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.