On Thu, Nov 07, 2019 at 06:18:46PM +0100, Nicolas Mailhot via devel wrote:
> > > 
> > > DoH has zero integration and manageability. “It’s not centralized” (but
> > > you have to set manually DoH settings in all apps *or* rely on a
> > > centralized Google DoH whitelist) is an utter joke.
> > 
> >   Setting in all apps? Excuse me?  You run your stub DoH resolver
> > on ::1 and put ::1 in resolv.conf. 
> That won't be honored by DoH-enabled apps that refuse to honor system
> resolution.
> That won't be honoured by all the other things on your network, unless
> you reparameter every and each one of them by hand (assuming they
> support DoH, or allow setting a DNS resolver manually in the first
> place)
> That won't be honoured by the smartphone of your visitors, by their pet
> smart collar, etc, unless you spend 15 minutes figuring how to
> reconfigure them at the start of their visit, and reconfigure them back
> at the end. Don't bother giving them your wifi code.
> So, no smart tv, no internet radio, no smart toaster, no resolved
> network path to your gaming console, no nothing for them. Back to the
> dark ages where nothing worked by default, networks were an enterprise-
> only thing, and ISPs felt entitled to charge multiples if you plugged
> more than one computer at the end of their cable.

  Here's a network management lesson for you:
- run the DoH resolver* not on ::1, but on an IP available on your LAN
- put the above IP in DHCP and RA replies
- bam! every device you mentioned uses DoH to resolve

* I'm not aware of any packaged for Fedora, I'm using
  https://github.com/m13253/dns-over-https myself

> That's what your single-system “solution” actually means.
> Using DoH today means, in practical terms, using Google-approved
> resolvers, and names Google know of (bye bye private networks) because
> that's the only common ground DoH apps agree on, and the only practical
> way to synchronize DoH naming results with the rest of the network
> world.

  You seem to have some Google-fixation.  I'll refrain from continuing
this thread, you seem to be arguing against the protocol, instead of
reaching consensus on how to provide tools for it in Fedora.

Tomasz Torcz                        Once you've read the dictionary,
xmpp: zdzich...@chrome.pl           every other book is just a remix.
devel mailing list -- devel@lists.fedoraproject.org
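
An added example, not part of the original message: one way to check that the DHCP and RA replies on a LAN hand out only the stub resolver's address, by parsing DHCPv4 option 6 and the RA RDNSS option (ND option 25, RFC 8106). The resolver addresses, function names and sample bytes are constructed for illustration and use documentation address ranges.

```python
import ipaddress
import struct

def dhcp_dns_servers(options):
    """DNS servers (option 6) from a DHCPv4 options field, magic cookie already stripped."""
    servers, i = [], 0
    while i < len(options) and options[i] != 255:      # 255 = End
        if options[i] == 0:                             # 0 = Pad, no length byte
            i += 1
            continue
        if i + 2 > len(options):
            raise ValueError("truncated DHCP option header")
        code, length = options[i], options[i + 1]
        data = options[i + 2:i + 2 + length]
        if len(data) != length or (code == 6 and length % 4):
            raise ValueError("malformed DHCP option")
        if code == 6:
            servers += [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, length, 4)]
        i += 2 + length
    return servers

def ra_rdnss_servers(nd_options):
    """RDNSS addresses (ND option 25, RFC 8106) from the options after the 16-byte RA header."""
    servers, i = [], 0
    while i + 2 <= len(nd_options):
        opt_type, units = nd_options[i], nd_options[i + 1]   # length is in 8-byte units
        body = nd_options[i:i + units * 8]
        if units == 0 or len(body) != units * 8:
            raise ValueError("malformed ND option")
        if opt_type == 25:   # 8 bytes of type/len/reserved/lifetime, then 16-byte addresses
            servers += [str(ipaddress.IPv6Address(body[j:j + 16])) for j in range(8, len(body), 16)]
        i += units * 8
    return servers

def unexpected_resolvers(dhcp_options, nd_options, allowed):
    """Advertised resolvers that are not the LAN DoH stub; an empty list means clients only learn the stub."""
    seen = dhcp_dns_servers(dhcp_options) + ra_rdnss_servers(nd_options)
    return sorted(set(seen) - set(allowed))

# Constructed sample data (documentation address ranges), not captured traffic.
ALLOWED = {"192.0.2.53", "2001:db8::53"}   # assumed addresses of the DoH stub resolver
DHCP_OK = bytes([53, 1, 5, 1, 4, 255, 255, 255, 0, 6, 4, 192, 0, 2, 53, 255])
DHCP_EXTRA = bytes([53, 1, 5, 6, 8, 192, 0, 2, 53, 198, 51, 100, 1, 255])
RA_OK = (bytes([1, 1, 2, 0, 0, 0, 0, 1])                  # source link-layer address option
         + struct.pack("!BBHI", 25, 3, 0, 1800)           # RDNSS header, lifetime 1800 s
         + ipaddress.IPv6Address("2001:db8::53").packed)

if __name__ == "__main__":
    print(unexpected_resolvers(DHCP_OK, RA_OK, ALLOWED))
    print(unexpected_resolvers(DHCP_EXTRA, RA_OK, ALLOWED))
```

A second resolver in the DHCP reply, as in `DHCP_EXTRA`, is the case to look for: clients may send plain DNS to it and bypass the DoH stub.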