Feature #8415

Add DNS over TLS (RFC 7858) functionality to dns resolver and forwarder

Added by Patrick Roy about 3 years ago. Updated about 3 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: DNS Resolver
Target version: -
Start date: 04/02/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

See https://tools.ietf.org/html/rfc7858 for the proposed standard. The benefit to the user is out of the box DNS privacy.

Unbound seems to support TLS from their changelog but it's not specified that it is '7858 compliant.

I think that for the UI, there should simply be an option to enable TLS on outgoing or incoming requests and the rest should be tucked away in the advanced settings tab. By "the rest" I mean standard TLS options: port, certificate management, cipher choice, etc.

There are already 2 major providers supporting it in production: Google (8.8.8.8 & 8.8.4.4) and Cloudflare (1.1.1.1 & 1.0.0.1), so testing should be easy.

History

#1 Updated by Jim Pingle about 3 years ago

  • Status changed from New to Duplicate
  • Target version deleted (2.5.0)

Duplicate of #8030

#2 Updated by Jim Pingle about 3 years ago

Actually it's a duplicate of #8388 (for upstream forwarders), #8030 is for acting as a DNS over TLS server to local clients.
