That sounds like a good old bug that you certainly can put the blame on DoH but they happen all the time in all areas. Another day using DoH could be the faster solution...
Replying to @bagder @cynicalsecurity and
Yep, DoH might add some small amount of latency, but it seems impossible it was responsible for what you were seeing.
So turning it off or using the native browser worked fine but it is not DoH?
Replying to @cynicalsecurity @bagder and
Rebooting your computer sometimes fixes problems, it doesn't really reveal anything about the cause though, right?
no, but turning DoH back on slowed browsing to a treacle again… do it a few times and it starts being compelling evidence. Perhaps the ISP throttles TCP to CDNs, perhaps it has SSL MITM which breaks DoH. I don't know and I don't care 'cos my mum lives 4hrs away and I need a fix.
Replying to @cynicalsecurity @bagder and
Sure, it's possible the ISP was doing SSL MITM. I care about that, I don't want your mum's email being inspected without permission. I guess if you don't care, then resolving this problem was an unwelcome chore, but just allowing malicious ISPs shouldn't be the default, right?
Yes, right, let's pick the most unlikely reason… the reason, which I bothered to analyse, is that the ISP is small, does not peer at major peering points, is on a local IXP and is, fundamentally, only suitable for local traffic. DoH and the hundreds of DNS requests make it slow.
Replying to @cynicalsecurity @bagder and
I was just repeating the reason you gave. Sure, disabling DoH might be the answer in some situations, but you agree we shouldn't *default* to plaintext protocols like http/telnet/dns, because in rare cases it's acceptable, right?
No, you are putting a data transfer protocol, a remote access protocol and a name resolution protocol in the same category. DoH is not securing DNS, it is sending all requests to the same location which, for privacy, is lethal.
Replying to @cynicalsecurity @taviso and
Well... The idea is to encrypt DNS, which is probably a better solution than DNSSEC (which is a PITA). On the other hand DoH is DNS UDP packets inside HTTP/2 inside TLS. I fail to see how the HTTP/2 part is necessary. Also it should work at the OS level, not in the browser.
It should, I think it will eventually, but we have to work with what we've got. It's a first step.