Modern security: We need encrypted DNS. (DoT/DoH)

Here, I want to have the option to use an encrypted DNS server. Either DNS-over-TLS or DNS-over-HTTPS…

image631×538 25.6 KB

And it should be there by default. Security should be the default, after all…

See that Firefox e.g. plans to introduce this (DNS-over-HTTPS) by default with sets of trusted resolvers. The reasons are clear: OS vendors and routers are to slow too implement it, so browsers roll out their own security mechanisms.

The obvious problem is: This does not protect the DNS of all the other applications…

That’s why I want this feature…

By default!

Note that when I say by default, I mean by default. Obviously, you can hardly provide a default server (unless you do it the Mozilla’s way), but you can offer the possibility by default, i.e. all the implementation should be ready, and I, as a user, just want to enter the URL of the DoH server to be able to use it.

It should just work then – just like it currently works with “usual” DNS, where I enter a DNS IP, I should be able to easily switch to DoH (e.g.).

How to make this happen?

I guess it needs to be integrated into NetworkManager somehow?

Where can this be reported/tracked?

Cross-posted in the GNOME discourse community.

If you really want it right now, just use systemd-resolved, which has DNS-over-TLS built-in.

Okay, thanks FYI.
I guess I still need to configure it manually via config files then, but it’s a possibility.

Questions still stand though: Where should this feature be requested?

Someone also requested this feature in:

It is better to do this in NetworkManager, so that users of all desktop environments can use it.