Quick morning coffee and I've finally got myself a #Haskell DNS server bridge to #GNUnet GNS (via REST service, direct bindings being WIP).
It works as a system-wide resolver, having a fallback delegation, but the damn browsers are still refuse to use it for good. Too much smarts, caching and "security" levels piled on top of each other.
Got resolving in browsers working with a HTTPS proxy in front of it.
Wow. Much security. Very sockets. D'oh!
Now I need some kind of certificate pinning instead of common name "validation" and "trust" roots.
I understand DNS was FUBAR from the get go and published certificate bits would get screwed the same way as the address itself, but now we've got some alternatives.
It's time to... #AbolishICANN 
l'empathie mécanique