On 15.03.19 at 11:10, Anand Buddhdev wrote:
> DoT is most useful between stub resolvers and their upstream recursive
> resolvers, because this is the path that is most often snooped and
> mangled by men-in-the-middle.

It's correct. DoT between resolver and authoritative DNS servers is not finally specified.
But there is desire to use similar technology.

Attached a patch that enables TLS support in unbound. I'm currently unsure about the author (not myself).
Maybe the maintainer would like to give that patch a chance.

Andreas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: nsd-tls-4.1.26.patch
Type: text/x-patch
Size: 39748 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20190315/a59fa0ad/attachment.bin>

s/unbound/nsd/ of course ...

On 15.03.19 at 13:29, A. Schulze wrote:
> Attached a patch that enables TLS support in unbound.

On 15-03-19 13:29, A. Schulze wrote:
> On 15.03.19 at 11:10, Anand Buddhdev wrote:
>> DoT is most useful between stub resolvers and their upstream recursive
>> resolvers, because this is the path that is most often snooped and
>> mangled by men-in-the-middle.
>
> It's correct. DoT between resolver and authoritative DNS servers is not finally specified.
> But there is desire to use similar technology.
>
> Attached a patch that enables TLS support in unbound. I'm currently unsure about the author (not myself)

It is Sara Dickinson's (Sinodun), see:
https://portal.sinodun.com/stash/projects/TDNS/repos/dns-over-tls_patches/browse/nsd-4.1.0_dns-over-tls.patch