On Mon, Nov 04, 2019 at 10:40:47AM -0600, Michael Cronenworth wrote:
> Hi,
>
> Is there any project or team involved with improving encrypted DNS support
> in Fedora? Any movement in Red Hat corporate?
>
> - Glibc team?
> The /etc/resolv.conf file needs some love. AFAIK it still does not verify DNSSEC.
> - Bind team?
> Using 'stunnel' is not a real option.
> - DHCP(d & c) team?
> Some sort of standard for applying DoT/DoH options to resolv.conf
> - NetworkManager team?
> Same as above.
>
> This last effort I know of was back in 2012[1] but it was limited to DNSSEC
> only. According to Arch's table[2] only two DNS applications have support
> for encrypted DNS.
>
> IMHO, this should be our number one priority over modules, new spins, or
> whatever paint color the bike shed needs to be today. I would like to see
> DNS over TLS (DoT) with DTLS at the very least.

We have getdns-stubby packaged for DoT and dnscrypt-proxy for DoH. Anyone
interested can have Do* enabled on his system. systemd-resolved also supports
DoT, although in an insecure way:
https://github.com/systemd/systemd/issues/9397

We may be missing stuff like https://github.com/dimkr/nss-tls , but do we
need it? I have had DoH enabled system-wide on one of my installations for
over a year. We have the required software packaged, so what exactly do you
propose?

--
Tomasz Torcz               Morality must always be based on practicality.
xmpp: zdzichubg@xxxxxxxxx                      -- Baron Vladimir Harkonnen
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx