Re: Encrypted DNS in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am 09.11.19 um 10:12 schrieb Nicolas Mailhot via devel:
> That’s why DoH is intrinsically centralized and rotten to the core.
>
> DoH supporters are perfectly happy with a world where there is no
> standard for delegation. And if there is no standard, classical network
> effects will favor the biggest actor by default.
A classic "Chicken & Egg" problem. You can only support it, if enough
differen, free, reliable DoT/H Servers are out there,
which will only come, when they are requested.

In other words: someone has to make a step, and mozilla did it.

A plan:

Get NetworkManager a modul to manage DNS better:


Option Page 1:

 - receive DNS via DHCP ( default )
 - use DNS over TLS
 - use DNS over HTTPS
 - use system software proxy to manage DNS for you.

Option Page " use DNS over TLS"

 - receive list of available DNS from ... and randomly autoselect
 - use a fixed list of servers

Option Page " use DNS over HHTPS"

 - receive list of available DNS from ... and randomly autoselect
 - use a fixed list of servers

 
Option Page " use system software proxy"

 - use nscd
 - use dnssec-trigger
 - use ...
 .. whatever Fedora has to offer

This way, anyone can easily configure their prefered way, and RH PR
department can write a nice "we support encrypted DNS over a variose
number of protocols" news. Anyone who wants his proxy software in this
proxy list, names his default port/socket and a tool to be called for
configuration.

In addition "someone" ( now look suspicious to you rh contact ) has to
make webservice to give out trusted DO* Serverlists in a i.e. Json
format with some additional hints about ( name of service, country it's
laws it's following, commercial or not etc ) and sign that with  a
fedora/rh key, so we can trust the list.

what do you all think?

best regards,
Marius
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux