top | item 20973251

(no title)

I don't have a problem with DNS-over-TLS, I don't know enough about it... but I'm afraid I want DNS from Firefox's perspective to be plaintext, transparent and easy for me to check and even change. Like the filesystem is.

Not just for me, easy for Privacy International to audit when verifying apps tracking, easy for OpSec on my work laptop and easy for my firewall tooling to intercept and manage.

I want the OS's network stack to transparently proxy that plaintext request to an encrypted one: which may well be DoH or DNS over TLS, just like filesystem drivers proxy plaintext file requests over encrypted hard disks.

Whether this is by a plain text request over loopback, using the existing plain text DNS protocol or a more efficient OS api I'll happily leave evolution to resolve: but for now the plaintext protocol might be the fastest thing to proxy.

discuss

No comments yet.