Hi, I've been doing some digging around to figure out how to enhance DNS security privacy, and it's really a rabbit hole. Fedora 28, not any different near as I can tell from Windows 10 or macOS 10.13 is simply deferring to DHCP assigned DNS which for my POS ISP is hardwired to their DNS servers and can't be changed. Then I ran into this ancient feature from Fedora 17: https://fedoraproject.org/wiki/Features/DNSSEC_on_workstations Did that feature actually ship? Did it get undone soon thereafter? I don't remember ever having secure DNS of any type out of the box. A little more digging around and found some lightweight DoH clients that could be run locally, but then the best performer was dnscrypt-proxy 2 so I did a dnf search... dnscrypt-proxy looks like it's gone stale but is what's in the official repo, and the package URL points to a dead end web page with no function. https://koji.fedoraproject.org/koji/packageinfo?packageID=22504 This looks like the current version of dnscrypt-proxy 2 https://copr.fedorainfracloud.org/coprs/eclipseo/dnscrypt-proxy/ The UI for this right now is icky. First, for wireless DNS a per connection setting and I can't make it the default for all connections or future settings, at least not through the GUI. Second, it's not secure, it's just ordinary DNS. Anyway, I'm wondering if it's practical now or in the near future for Fedora to to offer an alternative to deferring to ISP DNS? But then also what that would look like? And then what it would or could look like among the editions: I could see Cockpit and GNOME/NetworkManager UI's have some default, with a list of common alternative providers: Google, quad9, Cloudfare's new thing, OpenDNS, etc and let people make their own choice. -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
