On Wed, 22 Jan 2025 10:46:16 +0000
Chris Green <c...@isbd.net> wrote:

>
> How can it do that in reality? It's connecting to the outside world
> via the router. It would have to 'tunnel' through the router somehow
> wouldn't it as otherwise the router will 'see' any attempts to do DNS
> type things.

You can ask Google's DNS server directly:

    dig @8.8.8.8 -t A www.google.com

Or you can use your local DNS server:

    dig -t A www.google.com

Both methods are ordinary DNS requests.

> Are you saying that Chromium/Vivaldi have some fixed IP addresses that
> they use for DNS servers out on the internet?

Yes, the protocol used here is DoH or "DNS over HTTPS"[1] which is
specified in RFC 8484[2]. This is a bypass for local network settings
which might not allow asking external DNS servers as in the example
above.

Since local dial-up connections usually depend on the ISP's DNS server,
DoH can circumvent manipulation by the ISP, as is quite common in Germany
and the EU. However, IANAL and I don't know in which cases it might not
be legal to circumvent lawful censorship.

[1] https://en.wikipedia.org/wiki/DNS_over_HTTPS
[2] https://datatracker.ietf.org/doc/html/rfc8484

-- 
kind regards
Frank