2018 thread:

On 14/06/2018 22:32, Kurt H Maier wrote:
> On Thu, Jun 14, 2018 at 09:38:42PM +0200, Mateusz Jończyk wrote:
>>
>> How difficult would it be to add support for DNS over HTTP/2.0 in dnsmasq, for
>> example in constrained environments like home routers?
>>
>
> This should be handled with a wrapper program. HTTP/2.0 is an enormous
> and ill-defined specification and it would not be appropriate to bolt it
> directly into dnsmasq. A dedicated HTTP/2.0 daemon can talk to dnsmasq
> on the backend to provide this service. Home routers are not
> particularly constrained in this regard, since they generally have web
> services running to begin with.


It's much more than that. To be secure, TLS requires time, entropy and a CA
list. Many home routers fail at having all three, or require the DNS to get
time and CAs...
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg12203.html
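
The three TLS prerequisites named in the reply above (time, entropy, CA list) can be checked on the router before a DNS-over-HTTPS wrapper is started. This is an added example, not code from the thread or from dnsmasq; the function names, the entropy threshold and the file paths are assumptions.

```shell
#!/bin/sh
# Added example: preflight for TLS prerequisites on a router.
# Function names, thresholds and paths are assumptions, not dnsmasq code.

# Time: a router without an RTC boots with a fixed early date. A clock
# earlier than the firmware build time has not been set yet, so
# certificate validity periods cannot be checked.
clock_ok() {  # clock_ok NOW_EPOCH BUILD_EPOCH
    [ "$1" -ge "$2" ]
}

# Entropy: compare the kernel's estimate (for example the contents of
# /proc/sys/kernel/random/entropy_avail) against a minimum.
entropy_ok() {  # entropy_ok FILE MIN_BITS
    [ -r "$1" ] || return 1
    read -r bits < "$1" || [ -n "$bits" ] || return 1
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge "$2" ]
}

# CA list: the bundle must be non-empty and hold at least one PEM block.
ca_ok() {  # ca_ok BUNDLE
    [ -s "$1" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Prints the missing prerequisites, space separated; status 0 if none.
doh_preflight() {  # doh_preflight NOW BUILD ENTROPY_FILE MIN_BITS CA_BUNDLE
    missing=""
    clock_ok "$1" "$2"   || missing="$missing time"
    entropy_ok "$3" "$4" || missing="$missing entropy"
    ca_ok "$5"           || missing="$missing ca"
    missing="${missing# }"
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Typical call on a device (paths are assumptions):
#   doh_preflight "$(date +%s)" "$BUILD_EPOCH" \
#       /proc/sys/kernel/random/entropy_avail 128 /etc/ssl/certs/ca-certificates.crt
```

If `time` is reported missing, the clock has to be set by a path that does not itself depend on the DoH resolver, which is the circular dependency the reply points out.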