Nice, so I have DoH and DoT running!

DoT is sadly not fully configured on the client side yet due to missing SNI headers, which is caused by NetworkManager and systemd-resolved. But I'm working on that one:

gitlab.freedesktop.org/Network

@sheogorath
Are there any comments on the linked page? We regret we cannot enable JavaScript.

Is there an implementation of #DNSOverHttps that sends out the request to a minimum of three randomly chosen servers from a list?

I would like to be able to configure a #webBrowser so DNS over port 53(?) is converted by the OS to use the above implementation.

@dsfgs nope, no news on the NetworkManager side. Also this request doesn't ask for any DNS requests being done by NetworkManager but to enable NetworkManager to tell systemd-resolved about SNI for the DNS servers.

If you disable NetworkManager's talking to resolved, it's already working fine to use DoT on almost any modern Linux system, which will do exactly that: convert Do53 requests into DoT requests using a local resolver.

@sheogorath
So is what you are doing related to gathering data on the type of DNS requests? Sorry we're a tad confused. Do you mean "systemd-resolver"?

How can we confirm that DNS requests are changed into DoT?

Regardless, we would prefer DoH (i.e. port 443) so that we can send the DNS requests such that they are unrecognisable (DoT uses a unique port 853).

@dsfgs I think you misunderstand the entire situation. I opened a feature request to NetworkManager to implement the integration with a DNS daemon. It's not about collecting anything. It's a feature request for system software. Not more, not less.

@sheogorath
Yes, we were a tad confused, as expressed.

It's clearer now.

Elsewhere on the web were some fairly poor explanations of SNI, which didn't help.

To answer a previous question of ours, it looks like #tcpdump might help.

Sheogorath's Microblog

This is my personal microblog. It's filled with my fun, joy and silliness.