Status Update
Comments
ju...@gmail.com <ju...@gmail.com> #2
vi...@google.com <vi...@google.com> #3
We have shared this with our product and engineering team and will update this issue with more information as it becomes available.
ge...@gmail.com <ge...@gmail.com> #4
Any updates on this?
ca...@gmail.com <ca...@gmail.com> #5
vi...@google.com <vi...@google.com> #6 Restricted+
vi...@google.com <vi...@google.com> #7
Once again, thank you for submitting the feature request. After following up with our product and engineering teams, the feature request will not be considered at this time. We're closing this issue for now, and thanks for sending us your feedback.
ge...@gmail.com <ge...@gmail.com> #8
Wow, you guys just suck. I really can't believe this won't even be considered.
Ka...@ymail.com <Ka...@ymail.com> #9
zi...@gmail.com <zi...@gmail.com> #10
ca...@gmail.com <ca...@gmail.com> #11
It describes DoH for Android as more performant than DoT, especially for dynamic network configuration that Android devices often operate in. More critically, the post specifically praises the DoH implementation for its memory safety, an increasingly desirable attribute to meet increasingly hostile network environments.
The issue has been marked as obsolete—Are the statements in the blog post no longer true? Is there another DNS protocol which has surpassed DoH (and DoT) in performance and security, making DoH obsolete? What assurance can you provide to system administrators in highly sensitive environments about the memory safety of the DoT implementation? Was it rewritten with a more robust memory mode (i.e. Rust), matching the safety of the DoH implementation? Was RFC 9462 implemented, as stated in the post, making this *specific* issue of a user-accessible DoH setting obsolete, but leaving DoH in the system, to be selected by DDR? If not, is the existing DoH implementation going to be removed?
Looking forward to getting clarification on this.
Caleb Allen
da...@gmail.com <da...@gmail.com> #12
Not cool guys.
co...@gmail.com <co...@gmail.com> #13
mo...@gmail.com <mo...@gmail.com> #14
tr...@gmail.com <tr...@gmail.com> #15
ge...@gmail.com <ge...@gmail.com> #16
I invite all of you to join this new issue, let's make a lot of noise so they finally don't have any other choice but actually developing this. Spread the word, and comment to express your thoughts!
Ka...@ymail.com <Ka...@ymail.com> #17
ko...@gmail.com <ko...@gmail.com> #18
ca...@gmail.com <ca...@gmail.com> #19
vi...@gmail.com <vi...@gmail.com> #20
I'd like to use NextDNS via DoH instead of DoT, so it won't be blocked in certain network environments.
ra...@google.com <ra...@google.com>
ge...@gmail.com <ge...@gmail.com> #21
Thank you for reconsidering this! Would it be possible to increase the priority and severity? The new issue was automatically assigned P3 S3 and I think this should be considered the same.
is...@gmail.com <is...@gmail.com> #22
ma...@google.com <ma...@google.com> #23
Anything added to this list is basically set in *stone* for like a decade or more, since in spite of this being in mainline updatable DnsResolver code, not *all* devices take updates. Even those Android devices that do reliably take mainline updates (primarily phones & tablets) eventually fall out of the support window (and thus stop receiving updates). For example we're no longer updating Android 10 [Q] devices (note: this is the very beginning of project mainline, and very few devices are affected, since most of these were Pixels and received an OTA platform upgrade to 11+/R+).
This means this *cannot* be hardcoded, and must instead be autodetected from the network...
It is my understanding that both Google and Cloudflare have made explicit commitments to not change the setup in the foreseeable future [ie. many many years]... Among other things, making such a commitment basically requires owning the IP space.
There is a way to perform DoH autodetection (the specific RFC escapes me, there might even be two or more ways), but that is significantly more effort to implement...
That said, Android is an open source project and reasonable outside contributions (with sufficient test coverage) will certainly be considered for inclusion.
ze...@gmail.com <ze...@gmail.com> #24
Check that DoH provider list is not used if DDR is enabled,
So it looks like there's some ongoing work on DoH discoverability via DDR.
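An added illustration of the network-side autodetection discussed in the comments above (DDR, RFC 9462); it is not part of any comment in this thread and is not Android's DnsResolver code. The sample records, host names and addresses are constructed, and using the SVCB TargetName as the URL authority is this sketch's simplification.

```python
import ipaddress

# Constructed sample: SVCB answers to a "_dns.resolver.arpa" query, in
# presentation format. Names and addresses are documentation placeholders.
SAMPLE_ANSWERS = [
    "_dns.resolver.arpa. 300 IN SVCB 2 dot.example.net. alpn=dot port=853",
    "_dns.resolver.arpa. 300 IN SVCB 1 doh.example.net. alpn=h2,h3 dohpath=/dns-query{?dns}",
    "_dns.resolver.arpa. 300 IN SVCB 3 alt.example.org. alpn=h2 port=8443 dohpath=/q{?dns}",
]

def parse_svcb(line):
    """Split one presentation-format SVCB record into priority, target, params."""
    fields = line.split()
    if len(fields) < 6 or fields[3].upper() != "SVCB":
        raise ValueError("not an SVCB record: " + line)
    params = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
    return {"priority": int(fields[4]), "target": fields[5].rstrip("."), "params": params}

def doh_candidates(answers):
    """Return DoH URI templates, best priority first; skip DoT-only and alias records."""
    out = []
    for rec in sorted(map(parse_svcb, answers), key=lambda r: r["priority"]):
        alpn = rec["params"].get("alpn", "").split(",")
        path = rec["params"].get("dohpath")
        # Priority 0 is alias mode; DoH needs an HTTP ALPN and a dohpath.
        if rec["priority"] == 0 or not path or not {"h2", "h3"} & set(alpn):
            continue
        port = rec["params"].get("port", "443")
        host = rec["target"] if port == "443" else rec["target"] + ":" + port
        out.append("https://" + host + path)
    return out

def verified(resolver_ip, cert_san_ips):
    """Verified discovery: the designated resolver's certificate must list the
    IP of the unencrypted resolver that advertised it (SANs are passed in here;
    a real client reads them from the TLS handshake)."""
    want = ipaddress.ip_address(resolver_ip)
    return any(ipaddress.ip_address(ip) == want for ip in cert_san_ips)

if __name__ == "__main__":
    print(doh_candidates(SAMPLE_ANSWERS))
    print(verified("192.0.2.53", ["192.0.2.53", "2001:db8::53"]))
```

The certificate check is what keeps a network-supplied answer from silently redirecting DNS to an arbitrary DoH server: a candidate whose certificate does not cover the original resolver's address is discarded.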
ca...@gmail.com <ca...@gmail.com> #25
is...@gmail.com <is...@gmail.com> #26
is...@gmail.com <is...@gmail.com> #27
@Google/Android Team - I understand the challenges of maintaining a global list of DoH servers, but the request isn't for a preconfigured list - it's simply for the ability to specify a custom DoH URL. This would allow advanced users to configure their own preferred DoH provider while keeping the default Google and Cloudflare options for those who prefer a simpler setup. Implementing this would enhance flexibility without adding significant maintenance overhead.
Evidently, this is a sought-after feature, as the request has received four-figure views in the past seven days, highlighting strong user interest within the Android Community.
ge...@gmail.com <ge...@gmail.com> #28
I agree with
Ideally we should also have the option for specifying a fallback plaintext DNS resolver, right now we can do adb shell settings put global private_dns_specifier cloudflare-dns.com, there should be an adb shell settings put global dns_specifier 8.8.8.8
Description
I think I speak for lots of people when I say we would like to have a proper DoH implementation at a system level.
DoT is widely supported and that's OK, but it has many drawbacks, the main one being that it's extremely easy to block (lots of public Wi-Fi APs block them so you have to disable encrypted DNS and re-enable it afterwards) so DoH would be a much nicer option to have (even by default).
I just can't understand how only two DNS resolvers were hardcoded into this file and left there to rot since 2022 (the hardcoded Cloudflare resolver 'cloudflare-dns.com' barely even works). https://cs.android.com/android/platform/superproject/main/+/main:packages/modules/DnsResolver/PrivateDnsConfiguration.h;l=261
Could you please allow users to choose if they want to use DoH/DoT (DoH should be default instead of DoH) and allow any DNS server such as NextDNS, OpenDNS, AdGuard, etc.? Other OSes such as Windows 11 already allow this and this is a MUST in 2024 in my opinion.