On Wed, Jan 22, 2025 at 10:46:16AM +0000, Chris Green wrote:
> to...@tuxteam.de wrote:

[...]

> > I somehow have got the feeling that we are talking about completely
> > different things. DoH has absolutely nothing to do with your router's
> > (or any other local network's, or your provider's) DNS. It bypasses
> > it. That's its job.
> >
> How can it do that in reality? It's connecting to the outside world
> via the router. It would have to 'tunnel' through the router somehow
> wouldn't it as otherwise the router will 'see' any attempts to do DNS
> type things.

The tunnel is called HTTPS. The browser sends its DNS requests inside
of HTTPS requests, which your router can't look into, unless it is
playing MITM games:

https://en.wikipedia.org/wiki/DoH

> I guess the browser can talk to numeric addresses just using the
> router as the default route but that's still assuming the router
> doesn't have its own internal 'investigation' of what's being passed
> through it.

How could it, being an encrypted stream it hasn't the keys to?

> Are you saying that Chromium/Vivaldi have some fixed IP addresses that
> they use for DNS servers out on the internet?

Basically this, yes.

Cheers
-- 
t
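
The tunnelling described in the message above, as an added example that is not part of the original mail: it builds the DNS query a DoH client would send, wraps it as an RFC 8484 GET request, and decodes it again the way a TLS-inspecting proxy holding the keys could. The resolver host doh.example and all function names are assumptions made for the illustration.

```python
import base64
import struct


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query (RFC 1035) for `name`; qtype 1 = A record."""
    # Header: ID 0 (RFC 8484 suggests 0 so HTTP caches can share answers),
    # flags 0x0100 = recursion desired, one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN


def doh_get_request(name, resolver_host="doh.example", path="/dns-query"):
    """Return (request target, headers) for an RFC 8484 GET request.

    resolver_host is a placeholder, not a real resolver. Everything
    returned here travels inside TLS, so a router on the path sees only
    the resolver's IP address and port 443.
    """
    wire = build_dns_query(name)
    dns_param = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    headers = {"Host": resolver_host, "Accept": "application/dns-message"}
    return f"{path}?dns={dns_param}", headers


def decode_doh_target(target: str):
    """Recover (name, qtype) from a DoH GET target, as a proxy that
    terminates TLS could; without the keys this data is not available."""
    param = target.split("dns=", 1)[1]
    wire = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    labels, pos = [], 12  # the question section starts after the header
    while wire[pos]:
        n = wire[pos]
        labels.append(wire[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, _qclass = struct.unpack("!HH", wire[pos + 1:pos + 5])
    return ".".join(labels), qtype


if __name__ == "__main__":
    target, headers = doh_get_request("www.example.com")
    print("GET", target)
    print(headers)
    print(decode_doh_target(target))
```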