On Sun, Mar 24, 2019 at 11:14 PM Vittorio Bertola
<vittorio.bertola=40open-xchange....@dmarc.ietf.org> wrote:
>
> In today's "plain DNS" world, I choose a DNS resolver that provides that kind 
> of filters for me, I set it up on my router, and my router pushes it to my 
> smart TV via DHCP. What is the "existing configuration mechanism" that allows 
> me to set this policy in the DoH world, i.e. if the TV came equipped with 
> applications preconfigured to use their own remote resolver via DoH?
>
> As a minimum, I would have to open all the applications and configure them 
> one by one to use my desired resolver, and repeat this for every device 
> connected to my network - while in the current situation this is all 
> automated after I configure the resolver once on my router. But applications 
> like Firefox might completely refuse to use the resolver I want, advertised 
> by my router on my behalf, because it does not support DoH, or it does but is 
> not on their list of "trusted resolvers". And JavaScript bits in the pages I 
> visit might use DoH to pre-encoded servers without even offering me any 
> configuration.
>

I think configuring every application, operating system, or platform
to do the filtering is the right way regardless of the existence of
DoH. I wouldn't trust that the opinion given by a DHCP server is what
will be really used by all clients. If you need to check that's what
is really happening, wouldn't it require about the same effort to
configure the parental control features that are already provided by
many vendors? I also believe that's a lot easier thing to do for the
average user.

If you really want a DIY solution, why don't you look into the actual
HTTP(S) traffic and SNIs?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
