* Michael Catanzaro:
On Mon, Sep 28, 2020 at 5:18 pm, Florian Weimer
<fweimer(a)redhat.com>
wrote:
> But the DNS view provided by the Red Hat VPN is what disables the
> centralized DNS resolvers in browsers in these configurations. The
> magic browser probe no longer fails with the change in DNS routing
> (which the proposal confusingly names “Split DNS”) because it goes
> out over the public Internet, where it is not filtered, unlike the
> Red Hat VPN.
Hm, I'm pretty sure this is a Firefox-specific issue, right? Fedora's
Firefox is patched to use system DNS, so it shouldn't matter for us.
I'm not aware of any other browser that ignores system DNS; at least,
I'm fairly certain Chrome and Epiphany will both never do this.
It seems that you are right about Chromium:
| We have no plans to support this approach. We believe that our
| deployment model is significantly different from Mozilla's, and as a
| result canary domains won't be needed.
<
https://www.chromium.org/developers/dns-over-https>
However, you wrote earlier that “split DNS” is not available over
nss_dns, so I think Chromium is still impacted because it uses the same
interfaces that nss_dns would use in this mode (i.e., not nss_resolve).
Thanks,
Florian
--
Red Hat GmbH,
https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill