Am 04.11.19 um 17:40 schrieb Michael Cronenworth:
> Hi,
>
> Is there any project or team involved with improving encrypted DNS
> support in Fedora? Any movement in Red Hat corporate?
>
> - Glibc team?
> The /etc/resolv.conf file needs some love. AFAIK it still does not
> verify DNSSEC.
> - Bind team?
> Using 'stunnel' is not a real option.
> - DHCP(d & c) team?
> Some sort of standard for applying DoT/DoH options to resolv.conf
DoH is IMHO a waste of resources and as Browsers implement it, useless
at best, but mostly a centralization of control of users under a false
protection umbrella.
Any modern Browser will do this sequence:
User enters URL
Browser checks for domainnames
Browser sends DNS request ( over which path doesn't matter )
Opens connection to the target host
If ( HTTPS ) {
sends the domainname, he has found in the URL as SNI in plain! in
his TLS request
} else {
send the domainame in plaintext as Host: Header to the target.
}
in both cases, the result is the same. The user is trackable.
> IMHO, this should be our number one priority over modules, new spins,
> or whatever paint color the bike shed needs to be today. I would like
> to see DNS over TLS (DoT) with DTLS at the very least.
I support this.
best regards,
Marius
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
