On Tue, 29 Sep 2020 14:55:28 -0700 Samuel Sieb samuel@sieb.net wrote:
On 9/29/20 8:29 AM, stan via users wrote:
This is not the reality I live in, though. New-style high-level programming languages tend to avoid being just a wrapper around C APIs. And thus they implement minimal DNS clients themselves, ignoring LLMNR, mDNS and so on.
Not just for DNS. For SMTP, HTTP, etc.
This is kind of a silly statement. There isn't a standard library for SMTP and HTTP clients, although there are libraries like libcurl.
The modern way of coding apps is a minimal, marginally-compliant and secure built-in network client (so things sort of work on the dev system and in CI/CD unit tests), with the OS interposing a full-featured protocol proxy in "production" deployments.
For me, the implication of that is that I am no longer in control of DNS, etc. If some program has hard coded DNS servers, they bypass everything and just ignore system settings. Am I understanding correctly?
Just because they implement a DNS client doesn't mean they ignore the system settings or have hard-coded servers.
In particular, I'm thinking about Firefox, since as part of that thread it emerged that browsers are including their own DNS clients with things like DoH and DoT. Before I start knot-resolver, Firefox cannot reach the web. Is that an indication that it does, in fact, use my DNS resolver?
DoT doesn't bypass your DNS servers, and Firefox has DoH disabled by default in Fedora.
Thank you.
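The practical question in the exchange above is whether a given Firefox profile is talking to the system resolver or to its own DoH ("TRR") client. The check below is an added example, not code from the thread or from Firefox/Fedora: it reads the `network.trr.mode` preference out of a profile's `prefs.js` (a profile with the pref absent is at the browser default, 0, i.e. the system resolver) and lists the nameservers from a resolv.conf-style file so the two can be compared. The sample prefs and resolv.conf are constructed inline; the `doh.example` URI is a placeholder, and the mode meanings follow Firefox's documented values (0 off/default, 2 DoH with native fallback, 3 DoH only, 5 off by user choice).

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): does this Firefox profile
# bypass the system resolver? Assumes prefs.js uses the usual
#   user_pref("name", value);
# line format and that resolv.conf uses plain "nameserver" lines.

# Print the numeric network.trr.mode from a prefs.js file; an absent pref
# means the browser default, which is 0 (DoH off, system resolver used).
trr_mode_from_prefs() {
    mode=$(sed -n 's/^user_pref("network\.trr\.mode", *\([0-9]*\));.*$/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${mode:-0}"
}

# Human-readable meaning of a TRR mode value.
describe_trr_mode() {
    case "$1" in
        0) echo "off (default): Firefox uses the system resolver" ;;
        2) echo "DoH first, falls back to the system resolver" ;;
        3) echo "DoH only: the system resolver is bypassed entirely" ;;
        5) echo "off (explicitly disabled by the user)" ;;
        *) echo "reserved/unknown mode $1" ;;
    esac
}

# List the nameserver addresses from a resolv.conf-style file, one per line.
system_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# --- constructed sample inputs (not captured from a real system) ---
tmp=$(mktemp -d)

cat > "$tmp/resolv.conf" <<'EOF'
# constructed sample: a local knot-resolver listening on loopback
nameserver 127.0.0.1
search example.internal
EOF

cat > "$tmp/prefs-doh.js" <<'EOF'
// constructed sample profile with DoH forced on (placeholder URI)
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://doh.example/dns-query");
EOF

cat > "$tmp/prefs-default.js" <<'EOF'
// constructed sample profile that never touched the TRR prefs
user_pref("browser.startup.homepage", "about:blank");
EOF

for f in prefs-doh.js prefs-default.js; do
    m=$(trr_mode_from_prefs "$tmp/$f")
    printf '%s: network.trr.mode=%s -> %s\n' "$f" "$m" "$(describe_trr_mode "$m")"
done
printf 'system nameservers: %s\n' "$(system_nameservers "$tmp/resolv.conf" | tr '\n' ' ')"
```

On a real Fedora box, point `trr_mode_from_prefs` at `~/.mozilla/firefox/<profile>/prefs.js` and `system_nameservers` at `/etc/resolv.conf`; a profile reporting mode 0 or 5 alongside `nameserver 127.0.0.1` is consistent with the observation in the thread that Firefox cannot resolve anything until the local knot-resolver is running. Mode 3 is the case to worry about, since then the local resolver is never consulted.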