Sidetrack: I really wish OS vendors would support DNS over TLS (and maybe DoH, I just prefer the former).
I understand that on a LAN the router is typically acting as the DNS server but I don’t see why the OS couldn’t be smart enough to automatically detect DNS over TLS on the standard port when overriding the DNS settings manually.
I think you can do that right now on Linux, this Quad9 article describes it working with systemd-resolved.
Typo, you mean DoH at some point in your comment.
Corrected, thanks 👍
deleted by creator
I can’t speak to Android but all of those require running some DNS recursive resolver locally then pointing the OS resolver to it. While I do that already, it doesn’t really address the issue I’m getting at: the OS doesn’t natively support it.
On macOS/iOS I use a .mobileconfig file to point to my Dockerized DNS over TLS resolver in the cloud and it works great, but why do I need to do that rather than use the “normal” DNS preferences? Command line tools still revert to the DHCP DNS server so on macOS I run unbound to take care of that.

For Linux, I’m mainly running a Raspberry Pi on Alpine Linux with unbound as well; it works great for DHCP clients that get pointed to it but (especially if this were some company LAN) all the DNS queries are still going over the LAN unencrypted.
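To make concrete what "DNS over TLS on the standard port" means on the wire, here is an added example that is not code from this thread or from any of the tools mentioned (unbound, systemd-resolved, the .mobileconfig profile). It is a minimal DoT client in Python: it builds a DNS query in RFC 1035 wire format, applies the two-byte length prefix that RFC 7858 inherits from DNS over TCP, sends it over TLS on port 853 with full certificate and hostname verification, and parses the A records out of the reply. The 9.9.9.9 / dns.quad9.net pair in the main block is the public Quad9 service the thread mentions; the embedded response bytes are constructed by hand so the parsing can be exercised offline.

```python
import secrets
import socket
import ssl
import struct

DOT_PORT = 853  # standard DNS-over-TLS port (RFC 7858)


def build_query(name, qtype=1, txid=None):
    """Build a single-question DNS query (RD=1) in RFC 1035 wire format."""
    txid = secrets.randbits(16) if txid is None else txid
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # class IN


def frame(message):
    """DoT reuses DNS-over-TCP framing: a big-endian 2-byte length prefix."""
    return struct.pack(">H", len(message)) + message


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer into the message
            pointer = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, pointer
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_response(msg, expected_txid):
    """Return (rcode, [(name, ttl, ipv4), ...]) for the A records in a reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")  # not the reply we sent for
    if not flags & 0x8000:
        raise ValueError("QR bit not set: this is not a response")
    rcode, off = flags & 0x000F, 12
    for _ in range(qd):  # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append((name, ttl, socket.inet_ntoa(rdata)))
    return rcode, answers


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TLS connection closed mid-message")
        buf += chunk
    return buf


def resolve_over_tls(name, server_ip, server_name, qtype=1, timeout=5.0):
    """Query a DoT resolver; server_name is checked against the certificate."""
    ctx = ssl.create_default_context()  # verifies the chain and hostname
    query = build_query(name, qtype)
    txid = struct.unpack(">H", query[:2])[0]
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame(query))
            length = struct.unpack(">H", recv_exact(tls, 2))[0]
            return parse_response(recv_exact(tls, length), txid)


# Constructed sample reply (txid 0x1234, NOERROR): example.com A 192.0.2.1,
# with the answer name given as a compression pointer back to offset 12.
SAMPLE_RESPONSE = bytes.fromhex(
    "12348180000100010000000007six" .replace("six", "6578616d706c6503636f6d0000010001")
    + "c00c000100010000" + "0e10" + "0004" + "c0000201"
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE, 0x1234))
    print(resolve_over_tls("example.com", "9.9.9.9", "dns.quad9.net"))
```

The security-relevant line is `server_hostname=server_name`: without it (or with a bare IP and no name to verify) the TLS session still encrypts the query, but any device on the LAN path could terminate it with its own certificate. That is the same reason systemd-resolved's `DNS=` setting takes an `ip#hostname` form when `DNSOverTLS=yes` is set.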
deleted by creator