Not affiliated with Waterfox at all, but I am a user, and this seems like great news for me.
Sidetrack: I really wish OS vendors would support DNS over TLS (and maybe DoH, I just prefer the former).
I understand that on a LAN the router is typically acting as the DNS server but I don’t see why the OS couldn’t be smart enough to automatically detect DNS over TLS on the standard port when overriding the DNS settings manually.
I think you can do that right now on Linux, this Quad9 article describes it working with systemd-resolved
Typo, you mean DoH at some point in your comment.
Corrected, thanks 👍
deleted by creator
I can’t speak to Android but all of those require running some DNS recursive resolver locally then pointing the OS resolver to it. While I do that already, it doesn’t really address the issue I’m getting at: the OS doesn’t natively support it.
On macOS/iOS I use a .mobileconfig file to point to my Dockerized DNS over TLS resolver in the cloud and it works great, but why do I need to do that rather than use the “normal” DNS preferences? Command line tools still revert to the DHCP DNS server so on macOS I run unbound to take care of that.
For Linux, I’m mainly running a Raspberry Pi on Alpine Linux with unbound as well; it works great for DHCP clients that get pointed to it but (especially if this were some company LAN) all the DNS queries are still going over the LAN unencrypted.
deleted by creator
This sounds good! Although I'm not a Waterfox user, are there any other good reasons to try it out over hardened Firefox?
deleted by creator
There is also Mercury, which claims to combine quite a lot of the nice stuff from different FF forks. I personally stick to the original, but it might be worth checking out.
deleted by creator
It has a nice UI on Windows. I use it at university.