This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Testing DNS-over-TLS support?
- Next message (by thread): [atlas] Testing DNS-over-TLS support?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Mar 1 01:13:04 CET 2017
DNS-over-TLS (RFC 7858) is important for privacy but, today, few DNS resolvers support it. It would be interesting to measure if this is changing, but the probes do not seem to be able to query their resolver with TLS over port 853. (Also, I seem to remember that old probes do not have a full TLS implementation.) It is not just a matter of encrypting the data, it's also an authentication issue (Google Public DNS was already impersonated <http://bgpmon.net/turkey-hijacking-ip-addresses-for-popular-global-dns-providers/>) So, how about adding a 'use_tls': True after 'use_probe_resolver': True?
- Next message (by thread): [atlas] Testing DNS-over-TLS support?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]