nsd users - Mar 2019 - DoT on the Auth side?

On 15-03-19 13:29, A. Schulze wrote:
> Am 15.03.19 um 11:10 schrieb Anand Buddhdev:
>> DoT is most useful between stub resolvers and their upstream recursive
>> resolvers, because this is the path that is most often snooped and
>> mangled by men-in-the-middle.
> 
> it's correct. DoT between resolver and authoritative DNS servers is not
finally specified.
> But there is desire to use similar technology.
> 
> Attached a patch that enable TLS support in unbound. I'm currently
unsure about the author (not my self)
It is Sara Dickinson's (Sinodun), see:

	https://portal.sinodun.com/stash/projects/TDNS/repos/dns-over-tls_patches/browse/nsd-4.1.0_dns-over-tls.patch

On 19/03/15 14:05, Willem Toorop wrote:
> On 15-03-19 13:29, A. Schulze wrote:
>> Am 15.03.19 um 11:10 schrieb Anand Buddhdev:
>>> DoT is most useful between stub resolvers and their upstream
recursive
>>> resolvers, because this is the path that is most often snooped and
>>> mangled by men-in-the-middle.
>> it's correct. DoT between resolver and authoritative DNS servers is
not finally specified.
>> But there is desire to use similar technology.
>>
>> Attached a patch that enable TLS support in unbound. I'm currently
unsure about the author (not my self)
> It is Sara Dickinson's (Sinodun), see:
>
> 
https://portal.sinodun.com/stash/projects/TDNS/repos/dns-over-tls_patches/browse/nsd-4.1.0_dns-over-tls.patch
Thanks, that's useful!

NLnetLabs: Any plans to integrate this patch into nsd's sources ?

Thx,

/P