On Fri, Oct 9, 2020 at 12:31 pm, Paul Wouters <paul@xxxxxxxxx> wrote:
The main use case of DNS-over-TLS is to bypass untrustworthy DNS, which
often means the local DHCP provided DNS of the coffeeshop/hotel. The
importance of doing DNS-over-TLS to your local ISP is pretty minor
compared to the security and privacy concerns raised of the current
systemd-resolved implementation and default configuration.

To avoid any misunderstanding, this change does nothing to bypass
untrustworthy DNS. It only works if your DNS is trustworthy, and even
then, impact is limited. From my proposed release notes:
"Be aware that Fedora can only encrypt traffic between you and your DNS
server, and then only if supported by your DNS server. For example, if
you are connected to a home router, the DNS between your laptop and
your router will be encrypted if supported by your router, but this
change has no impact on what happens between your router and your ISP
unless your router is running Fedora and your ISP supports DoT."
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx