This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] Testing DNS-over-TLS support?

Next message (by thread): [atlas] Testing DNS-over-TLS support?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Mar 1 01:13:04 CET 2017

DNS-over-TLS (RFC 7858) is important for privacy but, today, few DNS
resolvers support it. It would be interesting to measure if this is
changing, but the probes do not seem to be able to query their
resolver with TLS over port 853. (Also, I seem to remember that old
probes do not have a full TLS implementation.)

It is not just a matter of encrypting the data, it's also an
authentication issue (Google Public DNS was already impersonated
<http://bgpmon.net/turkey-hijacking-ip-addresses-for-popular-global-dns-providers/>)

So, how about adding a 'use_tls': True after 'use_probe_resolver':
True?

Next message (by thread): [atlas] Testing DNS-over-TLS support?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]