
My only gripe with DNS over HTTPS is that it seems to somehow be coupled with making it harder for me to actually force everything to use a particular DNS at the OS level, so apps can do things like circumvent your pihole regardless of how you configure your device's DNS settings.



They could do that already. There is nothing requiring that your app uses the OS-set DNS server.


> They could do that already.

Before Mozilla's drama with DoH, which app(s) did that?

Now that Mozilla has shown people that it's 'okay' to override the OS I'm worried that more things will do that same cockamamie thing.


Not an app, but Chromecasts have 8.8.8.8 hard coded.


> Before Mozilla's drama with DoH, which app(s) did that?

Chrome, for one?


But your firewall could block port 53. If everything goes over HTTPS you can't do that any more either.


That is by design though. You want your DNS requests to blend in with regular traffic on hostile networks / ISPs. The solution is to not have proprietary spyware devices in your network that don't let you set your own DNS.


You could redirect these requests at your router though, essentially performing a MITM on your own device.

That will no longer be possible, which is a good and bad thing depending on the circumstances.


Sure, but they mostly didn't.

Now we will have 2 major browsers that might or might not resolve internal domains correctly. And unless you have AD, and the ability to push config to clients, you will have to go to each and every computer and set it manually. And hope that updates won't break it further.


I have Firefox with DoH enabled and it still works with the company's internal domain names. I'm pretty sure nothing breaks because of the fact that it falls back to regular DNS if the lookup fails, so internal domains still resolve.


Why won't internal domains resolve correctly? Abc.private is 192.168.0.123 regardless of who's doing the name resolution and over which ports/protocols??


I'm not a fan of apps doing that. I agree it's sort of tangential.



