Just a note: The app ‘Rethink DNS and Firewall’ can do this with any Wireguard VPN.

Do all versions of Android have this? I’m on Samsung Android 14 and I can’t find this.

Agree that we are behind with GUI support for secure DNS and I like how enthusiastic your are about the script. Unfortunately, this is just a teaser.

Actually, the functionality should be in systemd-resolved or network manager (or elsewhere maybe). And then configured via the default GUI. This will take time.

Have you looked into how existing software handles captive portals. I believe, both Ubuntu (or Gnome or Network-Manager) and Firefox do check for such portals and detect real internet access. (They simple poll some URL http://detectportal.vendor.com and check for the expected return code. Portals usually redirect.)

Now I’m thinking, what if this check could trigger a change to the DNS configuration. That is use DoT when internet is available, otherwise fall back to DHCP announced DNS

That was also my question. A broader question is how to access services on the local network that are announced through local DNS? Like your router’s web interface or any similar device.

Can you have split routing? Most queries go to our preferred DNSoverTLS endpoint, but some go to DNS53 on the local network.

This would also solve the captive portal if the host used to detect captive portals is always resolved locally.

Point for you, root is special.

The x permission on directories is exactly for this purpose. You can use the directory. You cannot read (requires rx), you cannot write (w), but you can ‘cd’ and operate on files in the directory.

This is important, you can lock someone out from a directory tree buy not giving them ‘x’ on the root. So, if your home is rwx------, no one but the owner can do anything in your home. This is effective even if some files and subdirectories have less restrictive permissions.

FeedMe

Which of those work for phone numbers (SMS validation)? Email is easy.

SSL is almost a old as Shakespeare now.

Nextdns Next DNS is nice when you want customizability.

We ignore them, mostly. You cannot miss what you don’t know.

There are plenty of options however to access software not available natively. Both VMs and Remote Desktop solution work for a wide range applications. Web-based solution can be as good as desktop programs.

So many casual applications are now either web-based or on your (not FOSS) phone, so for my personal use the thought of using Windows has never crossed my mind. Professionally, I resort to remote Windows or a Mac.

Avast bought it.

Thanks sir the note.

That’s what i use. Unfortunately it breaks some sites.

Honestly, I can’t think of a good reason. This is just how email has always worked. What Thunderbird stores locally is identical to message on the server. It’s not decrypted because no conversion happens when syncing mail.

I agree, it would make sense to keep plaintext emails locally or on a trusted server for practical reasons.

This does not answer the question. OP wants to Thunderbird to decrypt PGP mails. Yes, it makes sense to use an encrypting fs, but we are still missing this thunderbird feature.

Why not? Some VPN providers operate their own network of DNS servers to avoid leaks via DNS, e.g. mullvad.

If you explain your setup (os?), some one will help.

Interesting.

Now commented on the built-in tracker protection in Firefox? Is it useless.

Personally I bank on uBo.

Obs?