Thanks - good information are you getting my emails to your gmail email? suggestion add 'to search for mbed TLS only' to '--disable-openssl' switch :) why don't you like dnssec? On Sat, 1 Jun 2024 21:58:42 +0200 Rodrigo Arias <rodarima@gmail.com> wrote:
Hi,
On Sat, Jun 01, 2024 at 01:27:07PM -0600, pastebin@gmx.com wrote:
Hi
could someone give me an idea about dillo using 'dns over tls' or 'dns over https'? or using dnssec?
The mobilized fork has added support for it, as it is provided by libcurl (which they have switched to):
20240522: New tarball. To enable DNS-over-HTTPS (DoH), you can now set the preference dns_over_https_url.
https://www.toomanyatoms.com/software/mobilized_dillo.html
My recommendation is to setup a local resolver on your machine, so all name resolution is handled by it, not just Dillo. Then you can use whatever mechanism you want (DoH, DoT, DNSSEC...).
This would be especially useful if you download a file with Dillo, as it would launch an external wget process. Or if you use any plugin that performs network operations on its own.
Here are some docs (even if you don't use Arch):
https://wiki.archlinux.org/title/DNS-over-HTTPS https://wiki.archlinux.org/title/DNSSEC
I didn't check on my own how well that works, but I would rather keep it out of Dillo if posible.
what about dillo using mbed-tls vs openssl? the configuration only shows a --disable-mbedtls
The DNS resolution is done prior to interacting with any TLS library. There is also a --disable-openssl switch to search for mbed TLS only, see ./configure --help.
Best, Rodrigo. _______________________________________________ Dillo-dev mailing list -- dillo-dev@mailman3.com To unsubscribe send an email to dillo-dev-leave@mailman3.com