Am 28.09.20 um 17:56 schrieb Paul Wouters: > >> Because DNSSEC is a disaster area and if you try and use it >> on random networks you're going to get failed lookups on a >> reasonable number - it's fine if you're on a known network >> with decent upstream servers but once you start going out >> and using random WiFi hotspots and things it's a very >> different story. > > And that's why DNS-Over-TLS (DoT) and DNS-over-HTTPS (DoH) are now > being deployed. And why browsers are, contrary to Michael Catanzaro's > wrong claim, overriding the system DNS already. See Mozilla's TRR > program https://wiki.mozilla.org/Trusted_Recursive_Resolver and > Google's chrome https://www.chromium.org/developers/dns-over-https > It's always a bad idea for a programm to do the dns itself, instead of using the dns anyone on the host does. You get a inconsistent behaviour at best, and a security nightmare at worse. DOx in a browser or any other programm is wrong anyhow. best regards, Marius _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
