From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bernhard Bitsch To: development@lists.ipfire.org Subject: Aw: Re: Should we block DoH by default? Date: Tue, 03 Mar 2020 14:58:20 +0100 Message-ID: In-Reply-To: <20200303131550.GE31441@tehanu.it.jyu.fi> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1930605584980518914==" List-Id: --===============1930605584980518914== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable > Gesendet: Dienstag, 03. M=C3=A4rz 2020 um 14:15 Uhr > Von: "Tapani Tarvainen" > An: development(a)lists.ipfire.org > Betreff: Re: Should we block DoH by default? > > On Mar 03 11:47, Michael Tremer (michael.tremer(a)ipfire.org) wrote: >=20 > > I do not want DoH. I do not like it.=20 >=20 > I want it and I like it and I think it will come anyway. >=20 Maybe it comes anyway. Just as Google devices want to do DNS resolving on 8.8= .8.8, without looking at the rules defined by DHCP etc. Nevertheless this is no reason to allow it. In most countries vigilantism is = not allowed, even when weapons are spread very widely in the society. > > We could consider always blocking this domain and always return NXDOMAIN = or something else that falls into the =E2=80=9Cnegative=E2=80=9D category. > >=20 > > That way we can guarantee (at least for now) that Firefox users will stil= l use the IPFire resolver. > >=20 > > Would anybody be against this? >=20 > I would. I don't want to be *forced* to use IpFire resolver. > But one task of an internet appliance like IPFire is just to force such local= rules. =20 > If you something like that, at the very least it should be an option > that can easily be turned off. >=20 This is one aspect. On the other side such a feature like DoH should be turne= d on "silently". --- Bernhard > --=20 > Tapani Tarvainen > --===============1930605584980518914==--