Support DNS over HTTPS

…for the browser. Firefox has this option. Also i don’t know if this makes sense anywhere else on the OS.

If there is one DNS-Owner/Structure everyone has to trust, like in FF, I am not sure if we will loose more, than we can win.
If one could configure her/his DNS freely, things would be different.
I personally disagree with FFs move to cloudflare although you can configure FF for other providers.

2 Likes

This should be part of the system, like in glibc, not for every app using it’s own resolver and settings.

I can imagine the reasoning for the US market, where providers are abusive and sell user profiles, but Sailfish is not aimed at the US market and I would think that the European market is much more sane. There is no rush for DoH for Sailfish.

When glibc incorporates DoH, maybe it can be incorporated and used. Personally I am very happy with using a custom hosts file and block bad hosts. An implementation with DoH should offer this too.

2 Likes

And, as a general solution, DNS overt HTTPS doesn’t seem a much better approach, from a security point of view: https://www.youtube.com/watch?v=ZxTdEEuyxHU

Helps circumvent the block list of my ISP and IMO this is as a good thing.

1 Like

I use Keweon with modified resolv conf and Keweon cert. I know custom DNS is generally considered “sketchy”, but his reputation is good for several years now, and I have used it with very good performance for the last few years on Android and SF, so I feel fine about it.

https://www.google.com/url?sa=t&source=web&rct=j&url=https://forum.xda-developers.com/t/keweondns-now-with-improved-certificate-ios-mac-android.3681139/&ved=2ahUKEwimj_Wr7e7tAhVPKawKHXWaBBQQFjAAegQIAxAB&usg=AOvVaw0RYdGsRv__PRIOpRKWCU-a