Feature #8602

closed

DNS over TLS host verification

Added by Andrew M over 6 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Normal
Category: DNS Resolver
Target version:
Start date: 06/26/2018
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:

Description

Currently at 1.6.8 in release, and 1.7.0 on devel. Unbound 1.7.1 includes this feature (see release notes):

- Can set tls authentication with forward-addr: IP#tls.auth.name and put the public cert bundle in tls-cert-bundle: "ca-bundle.pem", such as forward-addr: 9.9.9.9@853#dns.quad9.net or 1.1.1.1@853#cloudflare-dns.com

Without this there’s no verification of the authenticity of the connection, and it is thus susceptible to a MITM attack.

Requisite GUI changes related to #8388 may also be needed.
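
A check for the gap described above, as an added example that is not part of the original issue and is not pfSense or Unbound code: it scans unbound.conf text for DNS over TLS forwarders that lack the `#auth-name` suffix or the CA bundle. The sample config and function names are constructed for illustration, and the parser assumes a simplified subset of unbound.conf syntax (one `key: value` per line).

```python
import re

# Constructed sample config; the addresses and auth names are the ones
# quoted in the issue description, the rest is illustrative.
SAMPLE_CONF = """\
server:
    tls-cert-bundle: "ca-bundle.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net   # name checked against the cert
    forward-addr: 1.1.1.1@853                 # no auth name
"""

def parse_clauses(text):
    """Split config text into [(clause_name, [(key, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        # A '#' starts a comment only at line start or after whitespace;
        # inside a token (IP#auth.name) it is part of the value.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:
            clauses.append((key, []))            # "server:", "forward-zone:"
        elif clauses:
            clauses[-1][1].append((key, value.strip('"')))
    return clauses

def audit_dot_forwarders(text):
    """Return findings for TLS forwarders that are not authenticated."""
    clauses = parse_clauses(text)
    server = [kv for name, kvs in clauses if name == "server" for kv in kvs]
    global_tls = ("tls-upstream", "yes") in server
    has_bundle = any(k == "tls-cert-bundle" and v for k, v in server)
    findings, named = [], False
    for name, kvs in clauses:
        uses_tls = global_tls or ("forward-tls-upstream", "yes") in kvs
        if name != "forward-zone" or not uses_tls:
            continue
        for addr in (v for k, v in kvs if k == "forward-addr"):
            if "#" in addr:
                named = True
            else:
                findings.append(f"{addr}: TLS upstream without #auth-name")
    if named and not has_bundle:
        findings.append("auth name set but no tls-cert-bundle in server:")
    return findings
```

Calling `audit_dot_forwarders(SAMPLE_CONF)` reports only the `1.1.1.1@853` entry, since the Quad9 entry carries an auth name and the server clause names a bundle.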
