Native Linux support for DoH (DNS over HTTPS)
 

Yesterday I had the pleasure of looking deeper into the upcoming DNS over HTTPS (or DoH). It will ensure that just like your traffic, the websites you visit can't be monitored nor easily censored by your ISP or any intermediary. It's a long overdue idea which I'm glad to hear is finally happening.

I wanted to know when the Linux networking system is going to implement native support for the technology as well. In many cases this might not be of great importance, as the home router typically handles those things whereas DoH will be implemented in web browsers directly. But it would still be interesting to know when we can expect it as a builtin feature that can be used system wide... so for instance, system commands like "curl" or "zypper dup" can also benefit from them.

AFAIK using a tool like Unbound either as a private DNS resolver for your network, with the "tls-cert-bundle" and "forward-over-tls" options enabled, or using both Unbound and dnscrypt-proxy together should give you the functionality you want, where whatever commands you issue systemwide use DNSSEC for their internet name resolution.

Systemd-resolved also has that capability if you're using a distro which has Systemd installed.