AdguardTeam / AdguardForiOS

The most advanced ad blocker for iOS
https://adguard.com/
GNU General Public License v3.0

[Feature request] Automatically upgrade unencrypted DNS systems #1546

Open bigdargon opened 4 years ago

bigdargon commented 4 years ago

Problem Description

Users do not trust third-party DNS servers and want to randomly use system DNS.

Proposed Solution

Automatically switch to encrypted DNS for each system DNS server. For example, Wi-Fi A has a DNS of 8.8.8.8, then automatically upgrade to DoH; when switching to Wi-Fi B with DNS 1.1.1.1, it will automatically upgrade to DoH; but when switching to Wi-Fi C without DoH (like a carrier's DNS), continue to use unencrypted DNS.

This feature can be set in developer mode, for testing before official release.

Additional Information

Chrome browser is currently testing an automatic upgrade feature for encrypted DNS. Details: https://www.chromium.org/developers/dns-over-https

FAQ
Q: Do you plan to support a canary domain similar to Mozilla's use-application-dns.net?
A: We have no plans to support this approach. We believe that our deployment model is significantly different from Mozilla's, and as a result canary domains won't be needed. In particular, our deployment model is designed to preserve the current user experience, i.e. auto-upgrading to the current DNS provider's DoH server which offers the same features.

Q: How will Chrome's auto-upgrade approach work with Split Horizon?
A: Chrome's auto-upgrade approach does not change the DNS provider, and is designed to preserve the same user experience. Split Horizon setups should continue to work as is. Furthermore, managed deployments should be automatically opted-out, and administrators can use policies to control the feature.

seia-soto commented 4 years ago

DoH, DoT and eSNI support will be nice! +1 to this.

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

bigdargon commented 4 years ago

.

zzebrum commented 4 years ago

Well, I'm not sure that we should change anything without user's concern.

bigdargon commented 4 years ago

@zzebrum Agree! User choice is the most important. This feature is not enabled by default, users will want to use encrypted DNS to enable it manually. When the network has encrypted DNS support, the application will automatically switch.
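
The opt-in, same-provider upgrade discussed in this thread, as an added Python sketch (not AdGuard's or Chrome's code): each system resolver is upgraded only if it appears in a known map, anything else (such as a carrier resolver) stays on plain DNS, and the upgraded query is built as an RFC 8484 GET. The function names and the small resolver map are assumptions made for illustration.

```python
import base64
import ipaddress
import struct

# Constructed sample map: resolver IP -> the SAME provider's DoH URI template.
# A real deployment would ship and update a vetted list.
SAME_PROVIDER_DOH = {
    "8.8.8.8": "https://dns.google/dns-query{?dns}",
    "8.8.4.4": "https://dns.google/dns-query{?dns}",
    "1.1.1.1": "https://cloudflare-dns.com/dns-query{?dns}",
    "1.0.0.1": "https://cloudflare-dns.com/dns-query{?dns}",
}


def plan_upgrade(system_resolvers, opted_in):
    """Map each system resolver to a DoH template, or None to keep plain DNS.

    Nothing is upgraded unless the user opted in, and an unknown resolver
    is never replaced by a third-party one.
    """
    plan = {}
    for raw in system_resolvers:
        ip = str(ipaddress.ip_address(raw))  # normalise; raises on garbage
        plan[ip] = SAME_PROVIDER_DOH.get(ip) if opted_in else None
    return plan


def dns_query(name, qtype=1):
    """Build a minimal DNS query message (ID 0, RD set, one question)."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(template, name):
    """Expand the template into an RFC 8484 GET URL (base64url, no padding)."""
    b64 = base64.urlsafe_b64encode(dns_query(name)).rstrip(b"=").decode()
    return template.replace("{?dns}", "?dns=" + b64)


if __name__ == "__main__":
    # Constructed input: one known public resolver, one unknown (TEST-NET) one.
    for ip, tmpl in plan_upgrade(["8.8.8.8", "192.0.2.53"], True).items():
        print(ip, "->", doh_get_url(tmpl, "www.example.com") if tmpl else "plain DNS")
```

Because the lookup is keyed on the resolver the network already handed out, the DNS provider never changes, which is the property the quoted Chrome FAQ relies on for split-horizon setups.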