On Mon, Sep 28, 2020 at 11:56 am, Paul Wouters <paul@xxxxxxxxx> wrote:
And that's why DNS-Over-TLS (DoT) and DNS-over-HTTPS (DoH) are now
being deployed. And why browsers are, contrary to Michael Catanzaro's
wrong claim, overriding the system DNS already. See Mozilla's TRR
program https://wiki.mozilla.org/Trusted_Recursive_Resolver and
Google's chrome https://www.chromium.org/developers/dns-over-https
Florian just linked to that same chromium.org page as evidence that
Chrome is not ignoring system DNS. :) Indeed, if you read the page,
they're only using DNS over HTTPS (DoH) if system DNS matches a
hardcoded list of providers that support DoH. So I believe I'm correct
to say that only Firefox is doing that... and we have already patched
Firefox to not do that.
Similarly, system-resolved will allow us to enable DNS over TLS (DoT)
systemwide for supported providers. That's not enabled in F33, but I
think we should flip the default for F34.
What we do not need is systemd-resolved making up its own incompatible
and unsuspected protocols.
Now I'm lost. What are you talking about...?
Better standardization for captive portals seems good, but I'm not sure
what this has to do with the systemd-resolved change?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
