On Fri, Nov 13, 2020 at 02:24:23PM +0000, Michael Tremer (michael.tremer@ipfire.org) wrote:
unbound already supports DoH, so how about enabling it in IPFire, too?
I do not see how that would be possible with dynamic configuration of clients with DHCP and getting some sort of valid certificate for the DNS service.
Well enabling DoH in IPFire should be reasonably easy. Actually getting clients to use it, yeah, hard to automate or enforce, unless you have an environment where you centrally control browser configurations.
Which does make it questionable if having DoH in IPFire would be useful. Not very right now, I guess, beyond allowing people to experiment with it. But that may change.
Anyway, not urgent, but something to keep in mind, in the list of things that may be needed sooner or later. (Even unbound only implemented it this October.)