On Thu, Nov 07, 2019 at 06:18:46PM +0100, Nicolas Mailhot via devel wrote:
> > >
> > > DoH has zero integration and manageability. “It’s not centralized”
> > > (but you have to set manually DoH settings in all apps *or* rely on a
> > > centralized Google DoH whitelist) is an utter joke.
> >
> > Setting in all apps? Excuse me? You run your stub DoH resolver
> > on ::1 and put ::1 in resolv.conf.
>
> That won't be honored by DoH-enabled apps that refuse to honor system
> resolution.
>
> That won't be honoured by all the other things on your network, unless
> you reparameter every and each one of them by hand (assuming they
> support DoH, or allow setting a DNS resolver manually in the first
> place)
>
> That won't be honoured by the smartphone of your visitors, by their pet
> smart collar, etc, unless you spend 15 minutes figuring how to
> reconfigure them at the start of their visit, and reconfigure them back
> at the end. Don't bother giving them your wifi code.
>
> So, no smart tv, no internet radio, no smart toaster, no resolved
> network path to your gaming console, no nothing for them. Back to the
> dark ages where nothing worked by default, networks were an
> enterprise-only thing, and ISPs felt entitled to charge multiples if
> you plugged more than one computer at the end of their cable.

Here's a network management lesson for you:

- run DoH resolver* not on ::1, but on IP available on your LAN
- put above IP in DHCP and RA replies
- bam! every device you mentioned uses DoH to resolve

* I'm not aware of any packaged for Fedora, I'm using
  https://github.com/m13253/dns-over-https myself

> That's what your single-system “solution” actually means.
>
> Using DoH today means, in practical terms, using Google-approved
> resolvers, and names Google know of (bye bye private networks) because
> that's the only common ground DoH apps agree on, and the only practical
> way to synchronize DoH naming results with the rest of the network
> world.

You seem to have some Google-fixation. I'll refrain from continuing
this thread, you seem to be arguing against protocol, instead of
reaching consensus on how to provide tools for it in Fedora.

-- 
Tomasz Torcz                 Once you've read the dictionary,
xmpp: zdzichubg@xxxxxxxxx    every other book is just a remix.