> How the fuck am I supposed to know that Network Manager won’t support DNS over TLS

Read the documentation? Use Google?
The very first hit when you google "dns over tls tumbleweed" provides the answer: https://dev.to/archerallstars/using-dns-over-tls-on-opensuse-linux-in-4-easy-steps-enable-cloud-firewall-for-free-today-2job
A more generic query "dns over tls linux" gives this, which works just the same: https://medium.com/@jawadalkassim/enable-dns-over-tls-in-linux-using-systemd-b03e44448c1c
Both Google searches return several more hits that basically say the same thing.
Even the NetworkManager reference manual refers you to systemd-resolved as the solution: https://www.networkmanager.dev/docs/api/latest/settings-connection.html
Key Name | Value Type | Description |
---|---|---|
dns-over-tls | int32 | Whether DNSOverTls (dns-over-tls) is enabled for the connection. DNSOverTls is a technology which uses TLS to encrypt dns traffic. The permitted values are: "yes" (2) use DNSOverTls and disabled fallback, "opportunistic" (1) use DNSOverTls but allow fallback to unencrypted resolution, "no" (0) don't ever use DNSOverTls. If unspecified "default" depends on the plugin used. Systemd-resolved uses global setting. This feature requires a plugin which supports DNSOverTls. Otherwise, the setting has no effect. One such plugin is dns-systemd-resolved. |
I don't use NetworkManager, I've never even used Tumbleweed and I found the answer in all of 10 minutes. Of course that doesn't help if you're so clueless that you didn't even know that you were using DNS-over-TLS, or that DoT is a very recent development that differs significantly from regular DNS and that it requires a DNS resolver that supports it.

> when every other operating system does?

Like Windows 10? (Hint: it doesn't)

> You use Arch. Mr skillful

Who cares what I use. When I'm messing with something I don't understand, I at least read the documentation first instead of complaining on the internet and calling the whole community toxic and, I quote, "Butthurt Linux gobblers" when you get the slightest bit of pushback.
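
An added example, not part of the thread and not NetworkManager's own code: a small checker for the rule in the table quoted above, namely that `dns-over-tls` only takes effect with the systemd-resolved plugin and that "default" defers to resolved's global setting. The config snippets are constructed samples, and treating an unset `dns=` or `DNSOverTLS=` as off is an assumption (real defaults depend on the distribution's build).

```python
import configparser

# dns-over-tls values from the NetworkManager table quoted above
NM_DOT = {2: "yes", 1: "opportunistic", 0: "no"}

def _ini(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def effective_dot(nm_conf, keyfile, resolved_conf):
    """Return (mode, source); mode is 'strict', 'opportunistic' or 'off'."""
    # Assumption: the DNS plugin is set explicitly in NetworkManager.conf [main]
    plugin = _ini(nm_conf).get("main", "dns", fallback="default")
    if plugin != "systemd-resolved":
        # Without a DoT-capable plugin the setting has no effect
        return "off", f"dns plugin '{plugin}' ignores dns-over-tls"
    raw = _ini(keyfile).get("connection", "dns-over-tls", fallback="-1")
    setting = NM_DOT.get(int(raw))
    source = "connection profile"
    if setting is None:
        # "default": systemd-resolved uses its global DNSOverTLS= setting
        glob = _ini(resolved_conf).get("Resolve", "DNSOverTLS", fallback="no")
        setting = {"true": "yes", "false": "no"}.get(glob.lower(), glob.lower())
        source = "resolved.conf global setting"
    # "yes" disables fallback; "opportunistic" may fall back to plaintext DNS
    mode = {"yes": "strict", "opportunistic": "opportunistic"}.get(setting, "off")
    return mode, source

# Constructed sample files (not taken from any real system)
NM_CONF = "[main]\ndns=systemd-resolved\n"
KEYFILE_STRICT = "[connection]\nid=home\ntype=wifi\ndns-over-tls=2\n"
KEYFILE_DEFAULT = "[connection]\nid=home\ntype=wifi\n"
RESOLVED = "[Resolve]\nDNS=9.9.9.9#dns.quad9.net\nDNSOverTLS=opportunistic\n"

if __name__ == "__main__":
    print(effective_dot(NM_CONF, KEYFILE_STRICT, RESOLVED))
    print(effective_dot(NM_CONF, KEYFILE_DEFAULT, RESOLVED))
    print(effective_dot("[main]\ndns=dnsmasq\n", KEYFILE_STRICT, RESOLVED))
```

A result of "opportunistic" means queries can still go out unencrypted when the TLS connection fails, so only "strict" guarantees encrypted resolution.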
That's not surefire, unless you're doing it offline. If the data is in motion (like a database that's being updated), you will end up with an inconsistent or corrupt backup.
Surefire in that case would be something like an LVM snapshot.
No love for Rocky?
Also Oracle Linux is still free, and fully compatible with RHEL.