
Re: DOH (was: geolocation services disabled and Gnome maps)



On Mon, Apr 13, 2020 at 12:14:44PM +0100, Liam O'Toole wrote:
> On Mon, 13 Apr, 2020 at 12:57:54 +0300, Reco wrote:
> > 	Hi.
> > 
> > On Mon, Apr 13, 2020 at 11:16:02AM +0300, Andrei POPESCU wrote:
> 
> [...]
> 
> > > Whether DoH or DNS-over-TLS, you have to trust the DNS server.
> > 
> > Yup. That's why I have my own, and every Debian user can have their own
> > too, using only free software.
> > 
> 
> Pray tell us more. I use dnsmasq for clients on my LAN, but even that
> has to use an upstream name server --- in my case the one provided by my
> ISP.

1) Rent yourself a VPS, install bind there (there's no DNS but bind).
Replace bind with unbound if you need a caching-only nameserver
(caching-only bind is possible, but it's overkill).

2) Apply [1] to your dnsmasq.

3) Your ISP gets a TLS tunneled DNS request (and they can't do anything
about it), you get unmolested name resolution.

stunnel can be replaced with ipsec or openvpn or wireguard.
Whatever you use as a caching DNS on your end does not matter, as long
as it can forward DNS queries to another upstream DNS.

Reco

[1] https://kb.isc.org/docs/aa-01386
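The three configuration fragments the post calls for, written out as an added example (it is not Reco's own setup nor the configuration from the ISC article). Two things are assumptions of mine: the hostname dns.example.net, the address 203.0.113.10, the local port 5353 and the Let's Encrypt paths are placeholders to be replaced, and the client-side cache is unbound rather than dnsmasq, because stunnel carries TCP only and dnsmasq forwards a UDP query upstream as UDP, so unbound's tcp-upstream option is what actually pushes the queries into the tunnel. The function stages everything into one directory so it can be reviewed before pieces are copied to /etc on the client and on the VPS.

```shell
#!/bin/sh
# Added example, not from the original post: stage the configs for
#   client cache (unbound) -> stunnel client -> TLS -> unbound on the VPS.
# Every name, address, port and path below is an assumption; replace it.
VPS_HOST="dns.example.net"   # assumed: name on the VPS's certificate
VPS_IP="203.0.113.10"        # assumed: VPS address (TEST-NET-3 documentation range)
LOCAL_PORT=5353              # assumed: local port the stunnel client listens on
TLS_PORT=853                 # IANA port for DNS over TLS

# Write all three fragments into the staging directory given as $1.
write_dot_configs() {
    dir="$1"
    mkdir -p "$dir"

    # Client: stunnel accepts plain DNS-over-TCP on localhost and wraps it in
    # TLS to the VPS. verifyChain/checkHost are what stop anyone on the path
    # from answering in the VPS's place; without them the tunnel is only
    # private, not authenticated.
    cat > "$dir/stunnel-dns.conf" <<EOF
[dns]
client = yes
accept = 127.0.0.1:$LOCAL_PORT
connect = $VPS_IP:$TLS_PORT
sni = $VPS_HOST
verifyChain = yes
checkHost = $VPS_HOST
CAfile = /etc/ssl/certs/ca-certificates.crt
EOF

    # Client: unbound forwards everything to the stunnel listener over TCP.
    # do-not-query-localhost must be switched off, or unbound silently refuses
    # to talk to 127.0.0.1 and resolution fails with SERVFAIL.
    cat > "$dir/unbound-client.conf" <<EOF
server:
    interface: 127.0.0.1
    do-not-query-localhost: no
    tcp-upstream: yes
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@$LOCAL_PORT
EOF

    # VPS: unbound serves TLS on 853 to the Internet and plain DNS only on
    # loopback, so the box is never an open plaintext resolver.
    cat > "$dir/unbound-vps.conf" <<EOF
server:
    interface: 127.0.0.1
    interface: 0.0.0.0@$TLS_PORT
    tls-port: $TLS_PORT
    tls-service-key: "/etc/letsencrypt/live/$VPS_HOST/privkey.pem"
    tls-service-pem: "/etc/letsencrypt/live/$VPS_HOST/fullchain.pem"
    access-control: 0.0.0.0/0 allow
EOF
}

# Check worth running before deploying the VPS fragment: it must not expose a
# plaintext listener on all interfaces (port 53 on 0.0.0.0). Returns 0 when clean.
vps_config_is_tls_only() {
    ! grep -Eq '^[[:space:]]*interface:[[:space:]]*0\.0\.0\.0(@53)?[[:space:]]*$' "$1"
}
```

Usage: `write_dot_configs ./staging && vps_config_is_tls_only ./staging/unbound-vps.conf`, then copy stunnel-dns.conf to /etc/stunnel/ and unbound-client.conf into /etc/unbound/unbound.conf.d/ on the client, and unbound-vps.conf into the same directory on the VPS. The access-control line opens the VPS resolver to the whole Internet on 853 only; tighten it to your own addresses if the VPS serves only you.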

