| Started by | Chuck Aurora <ca@nodns4.us> |
|---|---|
| First post | 2020-05-05 11:20 -0500 |
| Last post | 2020-05-05 11:20 -0500 |
| Articles | 1 — 1 participant |
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: DoH plugin for BIND Chuck Aurora <ca@nodns4.us> - 2020-05-05 11:20 -0500
| From | Chuck Aurora <ca@nodns4.us> |
|---|---|
| Date | 2020-05-05 11:20 -0500 |
| Subject | Re: DoH plugin for BIND |
| Message-ID | <mailman.353.1588695610.942.bind-users@lists.isc.org> |
On 2020-05-02 14:35, Reindl Harald wrote:
> On 02.05.20 at 21:31, Chuck Aurora wrote:
>> On 2020-05-02 13:23, Erich Eckner wrote:
>>> Will there be client-side DoT/DoH support in bind, too? E.g. will my
>>> recursive (or forwarding) resolver be able to resolve upstream dns via
>>
>> Well, a recursive resolver cannot use DoT/DoH for iterative queries to
>> authoritative NS servers, unless authoritative servers offered DoT/DoH,
>> and I don't think that's likely to happen.
>>
>> Basically by deciding you want DoH/DoT upstream, you also have decided
>> that you want to use forwarders.
>
> says who?
>
> https://www.cira.ca/newsroom/canadian-shield/cira-launches-canadian-shield-provide-free-privacy-and-security-canadians

Thanks for the reply, but FWIW, I don't have a clue what point you
intended to make? I looked at that CIRA page twice, and it is simply a
DoH/DoT forwarder. Absolutely nothing in that release mentions any
change in DNS protocol.

DoH/DoT covers only one hop: the end user to the recursive resolver.
Beyond that one hop is good old-fashioned unencrypted DNS. By using
DoH/DoT, whether in your own stub resolver or in a [future] BIND, you
are using that DoH/DoT server as your forwarder.

(Harald, please feel free to ignore Reply-To if you are unable to post
to the list. Thanks.)