From: Arne Fitzenreiter
To: development@lists.ipfire.org
Subject: Re: Should we block DoH by default?
Date: Tue, 03 Mar 2020 17:06:31 +0100
Message-ID: <080c1b9fab19e17933a9514fa719fde7@ipfire.org>
In-Reply-To: <20200303155517.GF31441@tehanu.it.jyu.fi>

On 2020-03-03 16:55, Tapani Tarvainen wrote:
>
> Perhaps I should also note that Firefox allows you to choose your own
> DoH server, you don't have to use Mozilla or Cloudflare or whatever,
> and at some point it might be good to have a DoH server built into
> IPFire.

No. Because DoH is a crappy protocol (BASE64-encoded DNS packets) and
browsers will not accept self-signed TLS certificates.

HTTPS cannot be verified without working DNS, so the idea to tunnel DNS
over HTTPS is strange...