Open kovdan01 opened 1 month ago
It looks like a similar issue was opened some time ago: #1376. As far as I understand, it has not been resolved yet.
This new issue can be used to track work on allowing any DoH provider and getting rid of the whitelist altogether. I suppose it might not be the highest priority, and I'll be happy to try to implement it myself if I have enough time.
It looks like currently only certain DoH providers are allowed: see the following chunk of code in https://cs.android.com/android/platform/superproject/+/master:packages/modules/DnsResolver/PrivateDnsConfiguration.h;drc=3aea8db351212126ee1420598090057c258f8335;l=259
It would be nice to also allow other DoH providers, like NextDNS.
The logic behind choosing between DoH and DoT does not actually look trivial (see the calls to `setDot` and `setDoh` from `PrivateDnsConfiguration::set` in https://cs.android.com/android/platform/superproject/+/master:packages/modules/DnsResolver/PrivateDnsConfiguration.cpp;drc=bf52841c57f05b9caff97c80d2d86d59ecf609e4;l=115), and maybe it's even better to just have two separate options in the private DNS configuration: one for those who want to use DoT, and one for DoH.

Actually, one field (as right now) should be enough, and the choice between DoH/DoT can be made just because resolver addresses look different (in the case of NextDNS, https://dns.nextdns.io/username vs username.dns.nextdns.io). I'm not sure why it's not implemented this way right now since it seems pretty straightforward. This way, there would probably be no need for a "white list" of allowed DoH resolvers, and usage of any resolver would be possible (if I'm not missing something).
Thanks for your great work on GrapheneOS!
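As an added illustration of the address-shape idea proposed in the issue (this is example code, not the DnsResolver's own logic, and `ClassifyPrivateDns`, `PrivateDnsTarget` and the hostname rules are assumptions): a setting starting with `https://` is treated as a DoH template, a bare RFC 1123 hostname as a DoT server, and anything else is rejected rather than guessed at.

```cpp
#include <cctype>
#include <optional>
#include <string>
#include <string_view>

// Hypothetical result of classifying one private DNS setting string.
enum class PrivateDnsMode { kDoT, kDoH };

struct PrivateDnsTarget {
    PrivateDnsMode mode;
    std::string host;       // server name used for TLS / HTTPS validation
    std::string template_;  // DoH URL template, empty for DoT
};

// RFC 1123 hostname check: dot-separated labels of [A-Za-z0-9-], each 1..63
// bytes, no leading/trailing '-', total length <= 253. Assumed policy.
static bool IsValidHostname(std::string_view h) {
    if (h.empty() || h.size() > 253) return false;
    size_t labelLen = 0;
    for (size_t i = 0; i < h.size(); ++i) {
        char c = h[i];
        if (c == '.') {
            if (labelLen == 0 || h[i - 1] == '-') return false;
            labelLen = 0;
        } else if (std::isalnum(static_cast<unsigned char>(c)) || c == '-') {
            if (labelLen == 0 && c == '-') return false;
            if (++labelLen > 63) return false;
        } else {
            return false;
        }
    }
    return labelLen > 0 && h.back() != '-';
}

// Decide DoH vs DoT purely from the shape of the setting, no provider whitelist.
std::optional<PrivateDnsTarget> ClassifyPrivateDns(std::string_view setting) {
    constexpr std::string_view kHttps = "https://";
    if (setting.substr(0, kHttps.size()) == kHttps) {
        std::string_view rest = setting.substr(kHttps.size());
        std::string_view host = rest.substr(0, rest.find('/'));
        // Reject userinfo or explicit ports: a DoH template here is host + path only.
        if (host.find_first_of(":@") != std::string_view::npos) return std::nullopt;
        if (!IsValidHostname(host)) return std::nullopt;
        return PrivateDnsTarget{PrivateDnsMode::kDoH, std::string(host), std::string(setting)};
    }
    // Plain-text http://, IP literals with ports, or garbage fail the hostname check.
    if (!IsValidHostname(setting)) return std::nullopt;
    return PrivateDnsTarget{PrivateDnsMode::kDoT, std::string(setting), ""};
}
```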