Yes you can monitor plaintext DNS with PacketBeat.
-
-
No, it's that until eSNI is widely deployed, plaintext DNS that avoids Cloudflare and Google is better for privacy.
-
I don't understand what changes after ESNI is deployed? To be clear, we're just talking about changing the default to a provider who has agreed to strict standards. It can be overridden. I have no opinion on who provides it, so long as they've agreed to high standards.
- 2 more replies
New conversation -
-
-
I’d wager a bet that for the majority of the internet users, SNI’d TLS handshakes touch much more hops & AS than DNS packets to the resolver. I find it a bit misguided to call it a “necessary first part”.
-
You can call it 20%, 10% or 5% of the solution if you like, but it is necessary. I happen to disagree and think it's a significant part of the solution, but so long as we agree it's necessary.
- 1 more reply
New conversation -
-
-
For privacy, I'd recommend starting further back and don't send needless queries at all. Most dns is full of leaked data like single word Google queries etc. RFC8198 and RFC8020 will do more for privacy (and as a side benefit decrease overall latency by not incurring more rtts)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.