On Wed, Jan 22, 2025 at 02:30:58PM +0100, Frank Guthausen wrote: > On Wed, 22 Jan 2025 12:42:20 +0100 > <to...@tuxteam.de> wrote: > > On Wed, Jan 22, 2025 at 12:34:20PM +0100, Frank Guthausen wrote: > > > > > > [...] DoH can circumvent manipulation by the ISP [...] > > > > It just replaces one bully by another bully. I won't bet on Google not > > manipulating its DoH lookups once that starts improving their bottom > > line. > > At least in principle we could recompile Chromium or Firefox with the > IP of a trusted nameserver. A configuration option for the IP address > would be even better (I don't know whether this is implemented yet).
But then you can set your "upstream" name server and have your whole system profit from a "good" DNS. Perhaps use DNSSEC. Perhaps, even, use DoH at that level. And at the same time let the local admins do their local fixes. That's what miffs me about browsers: they think "they are the world". Cheers -- t
signature.asc
Description: PGP signature
