Add ODoH - Oblivious DoH support

Is it possible to add ODoH support? It's a new standard proposed by Cloudflare which would be a nice addition for digital privacy. It's meant to assure that not even the DNS resolver could know which site a user tries to connect to, if the user doesn't want any logging.

5 replies

    • olivier
    • 3 yrs ago

    The resolver knows the domain being resolved but doesn't see the client IP; the ODoH proxy knows the client IP but doesn't know the domain.

    We could support this new protocol, but the privacy improvement is unclear in our case, as the configuration ID will still identify the client.

      • who
      • 3 yrs ago

      Olivier Poitrey Does this add latency to blocking?

      • olivier
      • 3 yrs ago

      who ODoH adds latency to all DNS queries by design.

    • Zac_Zalanski
    • 1 yr ago

    This is exactly how Apple's iCloud+ Private Relay is working.

      • Martheen
      • 1 yr ago

      Zac Zalanski ODoH is proposed by Cloudflare, Apple, and Fastly engineers, while the later Private Relay uses Cloudflare, Fastly, and Akamai for the second hop. So yes, they're closely related. But as pointed out, the privacy improvement is minimal: while in Private Relay Apple doesn't log user history in their server, in NextDNS logs are enabled by default, and by design NextDNS still needs to scan the query anyway to figure out if it needs to be blocked according to the users' unique configuration.
