Project

General

Profile

Actions

Feature #8415

closed

Add DNS over TLS (RFC 7858) fonctionality to dns resolver and forwarder

Added by Patrick Roy over 6 years ago. Updated over 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
-
Start date:
04/02/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

See https://tools.ietf.org/html/rfc7858 for the proposed standard. The benefit to the user is out of the box DNS privacy.

Unbound seems to support TLS from their changelog but its not specified that it is '7858 compliant.

I think that for the UI, there should simply be an option to enable TLS on outgoing or incomming request and the rest should be tuck away in the advanced settings tab. By "the rest" I mean standard TLS options : port, certificate management, cipher choice etc...

There are already 2 major providers supporting it in production : Google (8.8.8.8 & 8.8.4.4) and Cloudfare (1.1.1.1 & 1.0.0.1) so testing should be easy.

Actions #1

Updated by Jim Pingle over 6 years ago

  • Status changed from New to Duplicate
  • Target version deleted (2.5.0)

Duplicate of #8030

Actions #2

Updated by Jim Pingle over 6 years ago

Actually it's a duplicate of #8388 (for upstream forwarders), #8030 is for acting as a DNS over TLS server to local clients.

Actions

Also available in: Atom PDF