The officially official Devuan Forum!

#1 2026-01-01 12:45:39

onedevone
Member
Registered: 2026-01-01
Posts: 13  

Fail With DOT

For years I have been managing Artix, but I had never had a success on Devuan 5. Nor do I know how to set up network on Devuan.

What is happening:

1. I put DOT-capable IPs in KDE's network manager GUI. Testing shows that DOT is not used. Plain queries sad((. It should be default, but isn't. It's been baffling me for years that you don't do this by default. This bears the question if you use your own creations at all. If you were then you wouldn't allow plain text DNS queries, would you? I don't understand this behavior of nm.

2. I looked for "stubby-openrc" but cannot find it. I also theoretically could "cap_net_bind blah blah" reprogram it (systemd has stubby working out of the box!). But I'm stuck and I don't want to dwell on it.

HOW do you (step by step) do stubby on open-rc Devuan 6? THIS IS A COMPLETE SHOWSTOPPER FOR ME. I cannot continue the setup until I have this issue resolved.

DOT via stubby works like charm on Artix runit.

How do you do this on Devuan 6 Open-RC? Your help is going to be immensely appreciated.

Thanks.

#2 2026-01-02 04:22:54

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,624  

Re: Fail With DOT

What is DOT ?

#3 2026-01-02 05:48:01

steve_v
Member
Registered: 2018-01-11
Posts: 669  

Re: Fail With DOT

ralph.ronnquist wrote:

What is DOT ?

DNS over TLS, AKA a somewhat less retarded attempt to break the 'net than DoH, from the usual paranoia crowd who think moving trust from their ISP to some other random entity (usually Google or Cloudflare) is progress.

onedevone wrote:

you wouldn't allow plain text DNS queries, would you?

DNS is handled on my router, because I have a brain.

onedevone wrote:

I don't understand this behavior of nm

Then you should probably ask RedHat, Devuan didn't write NetworkMangler.

onedevone wrote:

I looked for "stubby-openrc" but cannot find it.

What makes you think someone else should write your init scripts for you?
The stubby package comes with a sysvinit script, because that's the default init. OpenRC is supported, but you don't get everything handed to you on a silver platter.
If you want an openrc init script, swiping it from Artix will probably work without too much modification. Otherwise, writing your own isn't complicated.

onedevone wrote:

THIS IS A COMPLETE SHOWSTOPPER FOR ME.

Huh, what a coincidence. Shouting is a complete showstopper for me providing any kind of spoon feeding step-by-step instructions.

onedevone wrote:

Your help is going to be immensely appreciated.

With the entitled and confrontational attitude you've displayed in all your posts so far, I'll be surprised if you get much of that.

Last edited by steve_v (2026-01-02 05:57:29)


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
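
An OpenRC service script of the kind the post above says is not complicated to write, as an added example that is not part of the thread and is not the Debian, Devuan or Artix script. The binary and config paths, the `stubby` account, the `stubby_config` variable and the availability of OpenRC's `capabilities` setting are assumptions.

```shell
#!/sbin/openrc-run
# /etc/init.d/stubby -- added example, not the packaged script.
# Assumed: the paths below, and an unprivileged "stubby" account created
# by the admin (hypothetical; the package may not ship one).

description="stubby DNS-over-TLS stub resolver"
stubby_config="${stubby_config:-/etc/stubby/stubby.yml}"

command="/usr/bin/stubby"
command_args="-C ${stubby_config}"
# stubby stays in the foreground without -g, so OpenRC backgrounds it
# and writes the pidfile itself.
command_background=true
pidfile="/run/stubby.pid"

# Drop root, keeping only the right to bind port 53.
# Assumption: this OpenRC build supports "capabilities"; if not, grant
# cap_net_bind_service to the binary with setcap instead.
command_user="stubby:stubby"
capabilities="^cap_net_bind_service"

depend() {
    need net
    use logger
}

start_pre() {
    if [ ! -r "${stubby_config}" ]; then
        eerror "Cannot read ${stubby_config}"
        return 1
    fi
    # -i makes stubby parse and print the config, then exit. A broken
    # config fails here instead of leaving the host without a resolver.
    "${command}" -C "${stubby_config}" -i >/dev/null 2>&1 || {
        eerror "stubby rejected ${stubby_config}"
        return 1
    }
}
```

Enable it with `rc-update add stubby default`, and point `/etc/resolv.conf` at the loopback address stubby listens on so that lookups actually go through it.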

#4 2026-01-02 06:21:16

HardSun
Member
Registered: 2025-07-29
Posts: 72  

Re: Fail With DOT

OP reads like some AI slopper someone is posting for shits and giggles from 4chan.

#5 2026-01-02 16:43:33

trinidad
Member
From: Waterford WI
Registered: 2022-11-15
Posts: 43  

Re: Fail With DOT

a somewhat less retarded attempt to break the 'net than DoH, from the usual paranoia crowd who think moving trust from their ISP to some other random entity (usually Google or Cloudflare) is progress

https://en.wikipedia.org/wiki/DNS_over_HTTPS

@steve_v   Wow two times in one week you have put a smile on my old face. Thank you!

TC


Often unawares.

#6 2026-01-05 17:45:56

abower
Member
Registered: 2024-04-19
Posts: 28  

Re: Fail With DOT

The initscript for stubby didn't make it in before the Debian Trixie freeze: https://tracker.debian.org/news/1650899 … erimental/

If anyone wants the current version in Excalibur it might be worth politely indicating on the Debian BTS that there would be demand for a stable backport.

#7 Yesterday 08:40:01

onedevone
Member
Registered: 2026-01-01
Posts: 13  

Re: Fail With DOT

Toxic answers. DOT is not something to be laughed at as is not my alias for wget with PFS for using it among others with Devuan servers.

#8 Yesterday 08:48:20

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,624  

Re: Fail With DOT

What is PFS now? Is language too hard to be written in full?

#9 Today 02:45:11

steve_v
Member
Registered: 2018-01-11
Posts: 669  

Re: Fail With DOT

ralph.ronnquist wrote:

what is PFS

man wget wrote:

       --secure-protocol=protocol
           Choose the secure protocol to be used.  Legal values are auto,
           SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3 and PFS.  If
           auto is used, the SSL library is given the liberty of choosing
           the appropriate protocol automatically, which is achieved by
           sending a TLSv1 greeting. This is the default.

           Specifying SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2 or TLSv1_3
           forces the use of the corresponding protocol.  This is useful
           when talking to old and buggy SSL server implementations that
           make it hard for the underlying SSL library to choose the
           correct protocol version.  Fortunately, such servers are quite
           rare.

           Specifying PFS enforces the use of the so-called Perfect
           Forward Security cipher suites. In short, PFS adds security by
           creating a one-time key for each SSL connection. It has a bit
           more CPU impact on client and server.  We use known to be
           secure ciphers (e.g. no MD4) and the TLS protocol. This mode
           also explicitly excludes non-PFS key exchange methods, such as
           RSA.

i.e. more paranoia BS, from someone with likely little idea what it actually does or what attacks it might defend against, since they apparently need "step by step" instructions to write a trivial init script.

Next will be out-of-repo "privacy" browsers, VPNs, and whatever go-fast shiny-new-shit is popular on Arch/Artix right now.

onedevone wrote:

Toxic answers.

"Toxic" OP, complete with entitlement, shouting, and misguided assertions that your personal preference regarding DNS should be a distro-wide default.

onedevone wrote:

DOT is not something to be laughed at

I'm not laughing at DoT, I'm laughing at people who consider it not being enabled by default and integrated into some random GUI a "complete showstopper".
Devuan, like Debian, comes with a standard DNS configuration by default. If you want something else, it's on you to read the documentation and set it up.
Likewise init systems - sysv is the default and best supported. If you want something else, all the parts are available but you get to assemble them.

Last edited by steve_v (Today 02:53:30)


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
