this post was submitted on 11 Nov 2023
368 points (98.2% liked)

[–] bobs_monkey@lemm.ee 139 points 10 months ago (1 children)

Encrypted DNS, widely known as DNS over HTTPS, protects DNS traffic by encrypting it.

Ya don't say.

[–] kautau@lemmy.world 1 points 10 months ago

The missile knows where it is at all times. It knows this because it knows where it isn't. By subtracting where it is from where it isn't, or where it isn't from where it is (whichever is greater), it obtains a difference, or deviation. The guidance subsystem uses deviations to generate corrective commands to drive the missile from a position where it is to a position where it isn't, and arriving at a position where it wasn't, it now is. Consequently, the position where it is, is now the position that it wasn't, and it follows that the position that it was, is now the position that it isn't.

In the event that the position that it is in is not the position that it wasn't, the system has acquired a variation, the variation being the difference between where the missile is, and where it wasn't. If variation is considered to be a significant factor, it too may be corrected by the GEA. However, the missile must also know where it was.

The missile guidance computer scenario works as follows. Because a variation has modified some of the information the missile has obtained, it is not sure just where it is. However, it is sure where it isn't, within reason, and it knows where it was. It now subtracts where it should be from where it wasn't, or vice-versa, and by differentiating this from the algebraic sum of where it shouldn't be, and where it was, it is able to obtain the deviation and its variation, which is called error.

[–] surewhynotlem@lemmy.world 97 points 10 months ago (4 children)

"Mullvad's encrypted DNS solution is available free of charge for everyone. The company advises customers of its DNS service, which is available for a flat-fee of 5 EUR per month, not to use the encrypted DNS service as the DNS resolver of the VPN server is handling this automatically. The performance of connections could be slower, if users make the switch."

This nonsense was written either by an AI or a drunk.

[–] ares35@kbin.social 26 points 10 months ago

the source blog post @mullvad
https://mullvad.net/en/blog/moving-our-encrypted-dns-servers-to-run-in-ram

i like that they have a public repo with the details on how their blocklists are compiled and what's in them.

[–] killeronthecorner@lemmy.world 11 points 10 months ago

Or someone with a hangover and a word count

[–] bandwidthcrisis@lemmy.world 1 points 10 months ago* (last edited 10 months ago)

Maybe the second "DNS" should be "VPN":

The DNS is free. They advise users of their paid VPN not to use this DNS service as it already uses it behind the scenes.

[–] hoshikarakitaridia@sh.itjust.works -3 points 10 months ago* (last edited 10 months ago) (1 children)

What does that even mean lol

Just FYI there's a standard monthly fee for use of Mullvad. This will probably be a feature expansion and will run under that same fee.

Which means this whole paragraph is utter garbage.

Edit: my bad, I stand corrected.

[–] ares35@kbin.social 28 points 10 months ago (1 children)

"anyone can use mullvad public dns for free. their paid vpn service already uses it so don't set it up separately if you're a subscriber"

[–] Aggy@kbin.social 2 points 10 months ago

Thank you for translating. I use their service and am happy I don't need to make any changes.

[–] BackpackCat@lemmy.world 20 points 10 months ago (2 children)

I use Mullvad and I'm too dumb to understand what this means. Can one of Lemmy's many IT experts ELI5?

[–] pelya@lemmy.world 61 points 10 months ago (1 children)

This makes it harder for Russian military to steal one of Mullvad's servers to track your porn usage over VPN - once they unplug it, all links to porn will be gone.

[–] ElectroNeutrino@lemmy.world 7 points 10 months ago (1 children)

Harder, yes, but it's still good to note that it's not impossible. There are some cryogenic techniques that allow them to preserve what's on the RAM long enough to read it.

[–] symbioticremnant@lemmy.world 4 points 10 months ago (1 children)

It's a bit of a long shot, and I'm not sure if it's just theory or proven in reality. The idea is that you literally freeze the memory at a cold enough temperature to freeze the state of the memory, and then swap the memory into a machine with power in order to read or dump the data.

[–] ElectroNeutrino@lemmy.world 3 points 10 months ago* (last edited 10 months ago)

It's a variation of a cold boot attack. Instead of forcing an OS crash and rebooting into an OS connected to a portable drive, you cool the memory to extend the time you have before the data degrades and can then do whatever you want with it. I believe you can extend it up to a week.

https://citp.princeton.edu/our-work/memory/

[–] chwilson@lemmy.world 16 points 10 months ago

From what I understand, it means there’s no persistence on disk of any traffic/data; it’s entirely in memory, so less risk of data being stolen or leaked.

[–] killeronthecorner@lemmy.world 4 points 10 months ago
[–] LWD@lemm.ee 2 points 10 months ago* (last edited 9 months ago) (1 children)
[–] lemmyvore@feddit.nl 4 points 10 months ago (1 children)

This older comment explains how ECH works.

ECH is technically unrelated to DoH; ECH is an HTTP extension, not a DNS extension. But it uses the DoH encryption because it can't use the HTTP encryption because of the chicken-and-egg problem explained in that comment, so... it basically latched onto DoH as a solution and in doing that tied the two together.

And to answer your question, DoH is usable on its own without ECH because ECH is not needed for DNS. But ECH is strongly desirable for HTTP, and it also requires DoH, so that's why Mozilla, for example, activated them as a package deal in Firefox (both or neither).

[–] LWD@lemm.ee 2 points 10 months ago* (last edited 9 months ago) (1 children)
[–] lemmyvore@feddit.nl 2 points 10 months ago (1 children)

In a sense, yeah, you want ECH too. It's just that ECH makes up for an HTTP-specific fault. DNS is used for more than HTTP; if you're not using HTTP then DoH is enough.

[–] LWD@lemm.ee 2 points 10 months ago* (last edited 9 months ago) (1 children)
[–] lemmyvore@feddit.nl 2 points 10 months ago

It's HTTPS-specific, since HTTP is not encrypted.