Le samedi 09 novembre 2019 à 12:04 +0100, Nicolas Mailhot a écrit :
> Le samedi 09 novembre 2019 à 11:09 +0100, Tomasz Torcz a écrit :
> > On Thu, Nov 07, 2019 at 06:18:46PM +0100, Nicolas Mailhot via devel
> > wrote:
> >   Here's a network management lesson for you:
> > - run DoH resolver* not on ::1, but on IP available on your LAN
> > - put above IP in DHCP and RA replies
> > - bam! every device you mentioned uses DoH to resolve
> Using DoH? Nope. using evil unencrypted legacy DNS. So anything that
> care for DoH as you seem to will reject the configuration
> You continue advocating half-assed setups that work for your case but
> not others

RFC 8484 (DoH)

3.  Selection of DoH Server

   The DoH client is configured with a URI Template [RFC6570], which
   describes how to construct the URL to use for resolution.
   Configuration, discovery, and updating of the URI Template is done
   out of band from this protocol.

So where is the specification for “Configuration, discovery, and
updating of the URI Template” when delegation DoH selection to the
network admin ?

It's not specified. It does not exist. It's not adopted by any DoH app.
All the entities pushing DoH retain the possibility to refuse
implementing it if it does not fit their objectives.

DoH is not finished from a management PoW. The only actual and concrete
mecanism right now is using Google DoH whitelists.

Nicolas Mailhot
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 

Reply via email to