On 2020-05-02 14:35, Reindl Harald wrote:
Am 02.05.20 um 21:31 schrieb Chuck Aurora:
On 2020-05-02 13:23, Erich Eckner wrote:
Will there be client-side DoT/DoH support in bind, too? E.g. will my
recursive (or forwarding) resolver be able to resolve upstream dns
via
Well, a recursive resolver cannot use DoT/DoH for iterative queries to
authoritative NS servers, unless authoritative servers offered
DoT/DoH,
and I don't think that's likely to happen.
Basically by deciding you want DoH/DoT upstream, you also have decided
that you want to use forwarders.
says who?
https://www.cira.ca/newsroom/canadian-shield/cira-launches-canadian-shield-provide-free-privacy-and-security-canadians
Thanks for the reply, but FWIW, I don't have a clue what point you
intended to make? I looked at that CIRA page twice, and it is simply
a DoH/DoT forwarder. Absolutely nothing in that release mentions any
change in DNS protocol.
DoH/DoT covers only one hop: the end user to the recursive resolver.
Beyond that one hop is good old-fashioned unencrypted DNS. By using
DoH/DoT, whether in your own stub resolver or in a [future] BIND, you
are using that DoH/DoT server as your forwarder.
(Harald, please feel free to ignore Reply-To if you are unable to
post to the list. Thanks.)
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
