From: Tapani Tarvainen <ipfire@tapanitarvainen.fi>
To: development@lists.ipfire.org
Subject: Re: Forcing all DNS traffic from the LAN to the firewall
Date: Fri, 13 Nov 2020 16:35:28 +0200 [thread overview]
Message-ID: <20201113143528.GA218744@vesikko.tarvainen.info> (raw)
In-Reply-To: <03670AF5-4C3C-42C5-AFB3-B501A0ACEB7F@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 918 bytes --]
On Fri, Nov 13, 2020 at 02:24:23PM +0000, Michael Tremer (michael.tremer(a)ipfire.org) wrote:
> > unbound already supports DoH, so how about enabling it
> > in IPFire, too?
> I do not see how that would be possible with dynamic configuration
> of clients with DHCP and getting some sort of valid certificate for
> the DNS service.
Well enabling DoH in IPFire should be reasonably easy. Actually
getting clients to use it, yeah, hard to automate or enforce, unless
you have an environment where you centrally control browser
configurations.
Which does make it questionable if having DoH in IPFire would be
useful. Not very right now, I guess, beyond allowing people to
experiment with it. But that may change.
Anyway, not urgent, but something to keep in mind, in the list of
things that may be needed sooner or later. (Even unbound only
implemented it this October.)
--
Tapani Tarvainen
next prev parent reply other threads:[~2020-11-13 14:35 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-09 17:47 Matthias Fischer
2020-11-10 13:07 ` Tapani Tarvainen
2020-11-13 14:24 ` Michael Tremer
2020-11-13 14:35 ` Tapani Tarvainen [this message]
2020-11-11 15:02 ` Rainer Kemme
2020-11-13 14:23 ` Michael Tremer
2020-11-13 14:55 ` Tapani Tarvainen
2020-11-15 13:16 ` Matthias Fischer
2020-11-15 14:45 ` Michael Tremer
2020-11-15 15:33 ` Tapani Tarvainen
2020-11-16 10:32 ` Michael Tremer
2020-11-15 14:40 ` Michael Tremer
2020-11-13 16:57 ` Matthias Fischer
2020-11-13 17:08 ` Paul Simmons
2020-11-15 13:36 ` Matthias Fischer
2020-11-15 14:50 ` Michael Tremer
2020-11-15 15:44 ` Tapani Tarvainen
2020-11-16 10:34 ` Michael Tremer
2020-11-23 9:08 ` Matthias Fischer
2020-12-25 16:57 ` Matthias Fischer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201113143528.GA218744@vesikko.tarvainen.info \
--to=ipfire@tapanitarvainen.fi \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox