Show HN: Running the second public ODoH relay

(numa.rs)

27 points | by rdme 1 hour ago

3 comments

  • cedws 32 minutes ago
    What’s the selling point of ODoH given the low uptake of ECH which means the name of the server you’re talking to is given away anyway?
    • fc417fc802 29 minutes ago
      I'd think that if you've got several leaks then patching one up is still forward progress even if it doesn't deliver a full fix immediately.
    • rdme 23 minutes ago
      They solve different things. ODoH hides your question, not who you're talking to.
      • fc417fc802 5 minutes ago
        Sure, ODoH hides your query, but you then turn around and leak the question you just asked as part of the TLS handshake.
  • gigatexal 11 minutes ago
    What would it take to get truly anonymous DNS? I guess it’s not really possible, no?
    • fc417fc802 7 minutes ago
      Why not? Cloudflare makes 1.1.1.1 available over Tor, although the latency is through the roof and you still need to consider the possibility of fingerprinting the client network stack.
  • rdme 1 hour ago
    The relay is a systemd unit on a VPS, Caddy for TLS, SSRF-hardened (regex-strict hostnames, no IP literals). eTLD+1 same-operator check rejects relay+target run by the same org by default. HPKE is odoh-rs from Cloudflare.

    ```
    cargo install numa

    # set mode = "odoh" in numa.toml
    ```

    Repo: https://github.com/razvandimescu/numa
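
Added example, not part of the thread and not numa's code: one way the two checks described in the post above (strict hostnames with no IP literals, and the eTLD+1 same-operator rejection) could be written in Rust. The function names, the hostnames and the five-entry suffix list are constructed assumptions; a real check needs the full Public Suffix List.

```rust
use std::net::IpAddr;

// Constructed stand-in for the Public Suffix List; a real check needs the full list.
const SUFFIXES: &[&str] = &["com", "net", "org", "rs", "co.uk"];

#[derive(Debug, PartialEq)]
enum Reject { BadHostname, UnknownSuffix, SameOperator }

// Strict LDH hostname: at least two labels, no IP literal in any spelling.
fn valid_hostname(host: &str) -> bool {
    if host.is_empty() || host.len() > 253 || host.parse::<IpAddr>().is_ok() {
        return false;
    }
    let labels: Vec<&str> = host.split('.').collect();
    let label_ok = |l: &&str| {
        !l.is_empty() && l.len() <= 63
            && !l.starts_with('-') && !l.ends_with('-')
            && l.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
    };
    // A last label starting with a digit ("127.1", "0x7f.0.0.0x1") is a numeric host.
    let numeric_tld = labels.last().map_or(true, |l| l.starts_with(|c: char| c.is_ascii_digit()));
    labels.len() >= 2 && labels.iter().all(label_ok) && !numeric_tld
}

// eTLD+1: the longest known public suffix plus one label to its left.
fn registrable(host: &str) -> Option<String> {
    let h = host.to_ascii_lowercase();
    let labels: Vec<&str> = h.split('.').collect();
    (1..labels.len())
        .find(|&i| SUFFIXES.contains(&labels[i..].join(".").as_str()))
        .map(|i| labels[i - 1..].join("."))
}

fn check_target(relay: &str, target: &str) -> Result<(), Reject> {
    if !valid_hostname(target) { return Err(Reject::BadHostname); }
    // Fail closed when either name has no known suffix.
    let r = registrable(relay).ok_or(Reject::UnknownSuffix)?;
    let t = registrable(target).ok_or(Reject::UnknownSuffix)?;
    if r == t { Err(Reject::SameOperator) } else { Ok(()) }
}

fn main() {
    // Constructed hostnames, not real relays or targets.
    for t in ["odoh.target-op.net", "dns.relay-op.co.uk", "127.0.0.1", "dns.internal"] {
        println!("{}: {:?}", t, check_target("relay.relay-op.co.uk", t));
    }
}
```

Names under an unlisted suffix are rejected rather than compared, so an internal-only name such as `dns.internal` fails closed instead of passing the same-operator check by default.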