DNS Sec

It would be great to be able to enable this on the for better privacy and security, or something like it.

It seems so new that nothing out there (including dnsmasq) supports it, so it is out of scope.

I know, but you have been misled by the title of this thread. The user is actually asking for DNS-over-HTTPS instead of DNSSEC. Maybe he was not aware of the difference himself.

The idea behind DNS-over-HTTPS is not to verify the answer like with DNSSEC but to encrypt the communication with the upstream DNS server. DNSSEC is useful for checking data integrity and origin authentication of DNS data but not for confidentiality.

1 Like
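
Added example (not part of the original thread and not Pi-hole code): the difference described above, at the wire level. DNSSEC is signalled inside the DNS message (EDNS0 DO bit in the query, AD flag in the reply), while DNS-over-HTTPS only wraps that same message for transport, so the two are independent. The endpoint URL and all function names are assumptions made for illustration.

```python
import base64
import struct

DOH_ENDPOINT = "https://doh.example/dns-query"  # constructed placeholder resolver URL

def build_query(name, qtype=1, dnssec_ok=False):
    """DNS query in wire format; dnssec_ok adds an EDNS0 OPT record with the DO bit."""
    # ID 0, flags RD=1, one question, one additional record only when OPT is present
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1 if dnssec_ok else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN
    if dnssec_ok:
        # OPT RR: root name, TYPE 41, CLASS = UDP size, TTL carries the DO flag (0x8000)
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return msg

def doh_get_url(wire, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: the unmodified DNS message, base64url-encoded without padding."""
    return endpoint + "?dns=" + base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")

def doh_payload(url):
    """Recover the DNS message a DoH server would see from the GET URL."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

def has_do_bit(wire):
    """True if a single-question query (as built above) carries OPT with DO set."""
    qd, an, ns, ar = struct.unpack("!HHHH", wire[4:12])
    if (qd, an, ns) != (1, 0, 0) or ar < 1:
        return False
    off = 12
    while wire[off]:            # walk the QNAME labels
        off += wire[off] + 1
    off += 5                    # terminating zero label + QTYPE + QCLASS
    rtype, _size, ttl = struct.unpack("!HHI", wire[off + 1:off + 9])
    return wire[off] == 0 and rtype == 41 and bool(ttl & 0x8000)

def ad_flag(wire):
    """AD (Authenticated Data) header bit: set by a resolver that validated the answer."""
    return bool(struct.unpack("!H", wire[2:4])[0] & 0x0020)

if __name__ == "__main__":
    for do in (False, True):
        url = doh_get_url(build_query("pi-hole.net", dnssec_ok=do))
        print(f"DO={do}: {url}  (DO seen by server: {has_do_bit(doh_payload(url))})")
```

The AD flag is only as trustworthy as the path to the resolver that set it, which is where an encrypted transport such as DoH complements DNSSEC rather than replacing it.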

Sorry, my bad. I thought both were the same.

An example of dns-over-https
>>> from dns_over_https import SecureDNS
>>> r = SecureDNS()
>>> r.gethostbyname('pi-hole.net')
>>> r = SecureDNS(query_type='AAAA')
>>> r.gethostbyname('www.google.com')
>>> r.resolve('www.mit.edu')

But after looking into it, it wouldn't be easy enough for the current devs to bother implementing, but maybe in the future it will be.

DNSSEC has more overhead so not ideal for deployment on a Pi but would be great to have.

We will implement DNSSEC at some point in the future. However, we are currently working on a major improvement of our backend to greatly enhance the user experience with the web interface. Therefore, all of our free time is currently blocked and feature requests are a bit on hold.

2 Likes

I'm excited for web improvements. I asked a while back how to remove certain hosts from the WebUi and it showed up in the next release. You guys are doing amazing work, keep it up.

Well, that is exactly the point. We implemented a lot of advanced filtering mechanisms over the last couple of months and they all have to be rebuilt with the new backend, consuming a vast amount of time :wink: