On Thu, Nov 07, 2019 at 06:18:46PM +0100, Nicolas Mailhot via devel wrote:
> >
> > DoH has zero integration and manageability. “It’s not centralized”
> > (but
> > you have to set manually DoH settings in all apps *or* rely on a
> > centralized Google DoH whitelist) is an utter joke.
>
> Setting in all apps? Excuse me? You run your stub DoH resolver
> on ::1 and put ::1 in resolv.conf.

That won't be honored by DoH-enabled apps that refuse to honor system
resolution.

That won't be honoured by all the other things on your network, unless
you reparameter every and each one of them by hand (assuming they
support DoH, or allow setting a DNS resolver manually in the first
place).

That won't be honoured by the smartphone of your visitors, by their pet
smart collar, etc, unless you spend 15 minutes figuring out how to
reconfigure them at the start of their visit, and reconfigure them back
at the end. Don't bother giving them your wifi code.

So, no smart tv, no internet radio, no smart toaster, no resolved
network path to your gaming console, no nothing for them. Back to the
dark ages where nothing worked by default, networks were an enterprise-
only thing, and ISPs felt entitled to charge multiples if you plugged
more than one computer at the end of their cable.

Here's a network management lesson for you:

- run DoH resolver* not on ::1, but on an IP available on your LAN
- put above IP in DHCP and RA replies
- bam! every device you mentioned uses DoH to resolve

* I'm not aware of any packaged for Fedora, I'm using
https://github.com/m13253/dns-over-https myself

That's what your single-system “solution” actually means.

Using DoH today means, in practical terms, using Google-approved
resolvers, and names Google knows of (bye bye private networks) because
that's the only common ground DoH apps agree on, and the only practical
way to synchronize DoH naming results with the rest of the network
world.

You seem to have some Google-fixation. I'll refrain from continuing
this thread, you seem to be arguing against protocol, instead of
reaching consensus on how to provide tools for it in Fedora.

--
Tomasz Torcz
xmpp: zdzichubg(a)chrome.pl
Once you've read the dictionary, every other book is just a remix.
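
The three steps in the reply above (resolver on a LAN address, that address handed out in DHCP and RA), written out as an added configuration sketch that is not part of the original thread or either poster's setup. It assumes dnsmasq is the DHCP/RA server on the LAN; the interface name and the 192.0.2.x / 2001:db8:: addresses are placeholders from the documentation ranges.

```conf
# /etc/dnsmasq.d/lan-doh.conf  (hypothetical file name)
# Assumption: a DoH stub resolver (for example the doh-client from
# m13253/dns-over-https mentioned in the thread) already listens for
# plain DNS on 192.0.2.53 and 2001:db8::53, port 53, and forwards
# every query upstream over HTTPS.

# Serve DHCP and RA on the LAN interface only (placeholder name).
interface=eth0
bind-interfaces

# Disable dnsmasq's own DNS service so it does not compete with the
# DoH stub for port 53; dnsmasq only hands out addresses here.
port=0

# IPv4: lease pool, and DHCP option 6 pointing clients at the stub.
dhcp-range=192.0.2.100,192.0.2.200,12h
dhcp-option=option:dns-server,192.0.2.53

# IPv6: send router advertisements for the prefix found on eth0.
enable-ra
dhcp-range=::,constructor:eth0,ra-stateless

# Advertise the stub as the DNS server both in stateless DHCPv6
# replies and in the RA RDNSS option.
dhcp-option=option6:dns-server,[2001:db8::53]
```

This only reaches clients that use the DNS server they are given by DHCP or RA; an application that ships its own DoH endpoint and ignores system resolution, the case raised earlier in the thread, is not affected by it.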