Hacker News new | ask | show | jobs
by josteink 2624 days ago
> How far off are we from DoH being supported by common operating systems, DHCP, etc?

To my knowledge none. Nobody is doing this, because it subverts how DNS is supposed to operate.

> It would be nice if these apps could detect whether the system is using DoH and only fall back to their own DoH resolver in the case they're using "legacy" DNS.

Yeah. Good luck diagnosing that when something stops working as expected.

1 comment

> To my knowledge none. Nobody is doing this, because it subverts how DNS is supposed to operate.

Huh? Of course people do this; it's a standard way to do DNS that improves over older DNS wire protocols by offering better security properties. It's unfortunate that we had to involve HTTP in this, but needs must.

For example you can drop in an NSS replacement that uses DoH instead of conventional DNS for all your glibc software, or you can get software from a variety of sources that runs on UDP port 53 of your local machine like a normal DNS relay but uses DoH to someone trustworthy to deliver.
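The second approach described above (a local relay on a UDP port that speaks plain DNS to the machine and RFC 8484 DoH to an upstream) is small enough to show end to end. The following is an added example written for this page, not code from either commenter or from any of the relay projects they allude to. It assumes Cloudflare's public `https://cloudflare-dns.com/dns-query` endpoint as the upstream (any RFC 8484 resolver works), listens on 127.0.0.1:5353 rather than port 53 so it runs unprivileged, and uses a constructed, canned upstream reply (`canned_transport`) so the parsing path can be exercised offline.

```python
"""Minimal DNS-over-HTTPS relay (RFC 8484): plain DNS on a local UDP port in,
POST application/dns-message to an HTTPS resolver out. Added example."""
import socket
import struct
import urllib.request

DOH_URL = "https://cloudflare-dns.com/dns-query"   # assumed upstream; any RFC 8484 endpoint
LISTEN = ("127.0.0.1", 5353)                       # assumed; use 53 only with privileges


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode an RFC 1035 query (RD=1). RFC 8484 recommends ID 0 for HTTP cache friendliness."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; returns (name, offset after it). Bounded hops."""
    labels, end, hops = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if end is not None else off)


def parse_answers(msg: bytes):
    """Return ([(name, type, ttl, rdata)], rcode) from a wire-format response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = socket.inet_ntop(socket.AF_INET, rdata)
        elif rtype == 28 and rdlen == 16:
            rdata = socket.inet_ntop(socket.AF_INET6, rdata)
        answers.append((name, rtype, ttl, rdata))
    return answers, flags & 0x000F


def doh_post(wire: bytes, url: str = DOH_URL) -> bytes:
    """Send one DNS message over HTTPS per RFC 8484 section 4.1 and return the raw reply."""
    req = urllib.request.Request(url, data=wire, method="POST", headers={
        "Content-Type": "application/dns-message", "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        if resp.headers.get_content_type() != "application/dns-message":
            raise ValueError("upstream did not return a DNS message")
        return resp.read()


def canned_transport(wire: bytes) -> bytes:
    """Constructed offline stand-in for doh_post: answers any A query with 192.0.2.1, TTL 300."""
    header = b"\x00\x00\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    answer = b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01"
    return header + wire[12:] + answer            # echo the question, append the answer


def relay(query: bytes, transport=doh_post) -> bytes:
    """Forward a client's UDP query upstream with ID 0, restore the client's ID on the reply."""
    reply = transport(b"\x00\x00" + query[2:])
    if len(reply) < 12:
        raise ValueError("short upstream reply")
    return query[:2] + reply[2:]


def servfail(query: bytes) -> bytes:
    """Build a SERVFAIL (RCODE 2) reply echoing the client's ID and question."""
    _, end = _read_name(query, 12)
    return query[:2] + b"\x81\x82" + query[4:6] + b"\x00" * 6 + query[12:end + 4]


def serve(listen=LISTEN, transport=doh_post):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    while True:
        data, peer = sock.recvfrom(4096)
        try:
            sock.sendto(relay(data, transport), peer)
        except Exception:
            sock.sendto(servfail(data), peer)      # never leave the stub resolver hanging


if __name__ == "__main__":
    serve()
```

Point the system at it with `nameserver 127.0.0.1` (and port 53, or a port-forward to 5353) and every glibc resolver call goes out over HTTPS. Note what the relay does and does not buy you: the local hop is still cleartext UDP, so it only protects the path from this host to the upstream, and the diagnosis problem josteink raises is real: `dig` will show a response from 127.0.0.1 and nothing in the DNS answer tells you which HTTPS upstream actually produced it.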