I’m curious about the technical/enforcement side of this. The UK doesn’t really have a great firewall. Would they press ISPs to drop routes for their ASN?
Hopefully DoH and DoT take off to help with that. But also are ISPs usually running devices hefty enough to inspect every DNS response going through their network? I thought they mostly run pure routers.
With unencrypted DNS it’s dead easy to redirect to your own resolver. In fact, if you’re trying to enforce DoT or DoH on your LAN it can be good practice to do this to ensure that rogue applications aren’t bypassing your resolver.
I don’t think ISPs really do this though currently.
Fun unrelated backstory: I found a website that resolves DNS records using 1.1.1.1 over DoH in JavaScript. I had to flat out block connections to 1.1.1.1.
I’m curious about the technical/enforcement side of this. The UK doesn’t really have a great firewall. Would they press ISPs to drop routes for their ASN?
The usual way is to ask ISPs to drop the DNS record for Reddits domains.
This leaves most users unable to reach the site. Determined users won’t be stoped. But it’s good enough for the powers that be.
Hopefully DoH and DoT take off to help with that. But also are ISPs usually running devices hefty enough to inspect every DNS response going through their network? I thought they mostly run pure routers.
With unencrypted DNS it’s dead easy to redirect to your own resolver. In fact, if you’re trying to enforce DoT or DoH on your LAN it can be good practice to do this to ensure that rogue applications aren’t bypassing your resolver.
I don’t think ISPs really do this though currently.
Fun unrelated backstory: I found a website that resolves DNS records using 1.1.1.1 over DoH in JavaScript. I had to flat out block connections to 1.1.1.1.