From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: Should we block DoH by default? Date: Tue, 03 Mar 2020 15:28:00 +0000 Message-ID: In-Reply-To: <83D08EF2-A2BC-4759-9F69-E42BADBDA3C9@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6207584748171224908==" List-Id: --===============6207584748171224908== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello *, @Sorin-Mihai V=C3=A2rgolici: EHLO, it's nice to see another Postmaster on thi= s list... :-) although I basically agree with Michael, Tapani made a point: If we decide to= build something that intents to block DoH in Firefox (what about other browsers, an= yway?), the administrator of an IPFire machine should be able to turn it off easily -= which would be something different than the "turn DNSSEC off" switch requested coun= tless times by now. Needless to say, if Mozilla decides not to honour use-application-dns[.]net a= nymore - which I expect to happen as some ISPs probably want to continue snooping on= their users DNS traffic -, we are at the very beginning of this battle again. Besides this canary domain, the links mentioned in https://lists.ipfire.org/p= ipermail/development/2020-March/007134.html might be helpful, too, but that would require some sort of deep package inspe= ction, which I advise against. It seems to me like the internet is getting worse all the time, and unfortuna= tely, DoH as used by Mozilla does not make it better... Thanks, and best regards, Peter M=C3=BCller --===============6207584748171224908==--