by antonjs 1053 days ago
And does your browser have settings which bypass or supplement the host's DNS configuration? Secure DNS (DoH etc.) is great, but damn that's confusing when you first run across it. Not to mention how phones do it; you can't override a DoH DNS server when connecting to a VPN which offers internal DNS on Android, for instance.

Aren’t all of those concerns out of scope for DNS itself, though? DNS can only give you a TTL, for example, it cannot require you follow it.

Ideally that’s what RFCs are for, but even organizations that pay smart people to come up with clever standards don’t always follow them. Implementations frequently disregard or guess about the things standards cover.

From the point of view of the standard, maybe, but not from the point of view of somebody learning or using DNS.

I don’t disagree, and I think that’s why we need to make it clear that there’s a difference between implementation and standard.

My education is a mix of formal and autodidactic. One of the best things I got from formal education is the structured introduction to fundamentals like the OSI model.

If you don’t have that kind of foundation, it can be much, much harder to understand the “why” of the endless differences between documented standards and in-the-wild implementations. It’s good to know where you are in the stack to help inform what you’re seeing.

> you can't override a DoH DNS server when connecting to a VPN which offers internal DNS on Android, for instance.

True. I set my VPN server to force DNS through the tunnel to an intercepting DNS server, and it replies as if it were the intended DNS server.

The DNS server is set up this way in response to LAN devices that have their own DNS configured, but it handles Android's private DNS too.
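One way to build the setup described in the comment above, as an added example that is not the commenter's own configuration: an nftables ruleset for a Linux VPN gateway that redirects every plain DNS query from tunnel clients to a resolver on the gateway, whatever server the client had configured. The interface name (wg0), the tunnel subnet (10.8.0.0/24), the resolver address (10.8.0.1) and the choice to reject DNS-over-TLS on port 853 so that clients fall back to plain DNS are all assumptions of this example, not details from the thread.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original thread): intercept client DNS on a VPN gateway.
# Assumed names: tunnel interface "wg0", client subnet 10.8.0.0/24, local resolver 10.8.0.1.

table ip vpn_dns {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Plain DNS (UDP and TCP port 53) from any tunnel client is rewritten to the
        # gateway's own resolver. Because this is stateful DNAT, the reply's source
        # address is translated back by conntrack, so the client sees an answer that
        # appears to come from the server it originally asked.
        iifname "wg0" ip saddr 10.8.0.0/24 udp dport 53 dnat to 10.8.0.1
        iifname "wg0" ip saddr 10.8.0.0/24 tcp dport 53 dnat to 10.8.0.1
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Assumed mitigation for encrypted resolvers that a DNAT of port 53 cannot see:
        # Android Private DNS uses DNS-over-TLS on TCP 853. Rejecting it (rather than
        # silently dropping) makes the client fail fast; in "automatic" mode Android then
        # falls back to plain DNS, which the rules above capture. Strict mode does not
        # fall back, so such a client would have to change its Private DNS setting.
        iifname "wg0" ip saddr 10.8.0.0/24 tcp dport 853 reject with tcp reset
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # Let the redirected queries reach the resolver listening on the gateway.
        iifname "wg0" ip saddr 10.8.0.0/24 udp dport 53 accept
        iifname "wg0" ip saddr 10.8.0.0/24 tcp dport 53 accept
    }
}
```

Load it with `nft -f` and confirm the redirect is working by querying an address that is not the gateway from a client (for example `dig @1.1.1.1 example.com`) and checking the resolver's query log on the gateway. Browser-level DNS-over-HTTPS rides on TCP 443 and is indistinguishable from other HTTPS traffic at this layer, so this ruleset does not cover it; that gap is exactly the confusion the thread starts with.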