This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] Testing DNS-over-TLS support?

Previous message (by thread): [atlas] Testing DNS-over-TLS support?
Next message (by thread): [atlas] Testing DNS-over-TLS support?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Philip Homburg philip.homburg at ripe.net
Wed Mar 1 13:52:04 CET 2017

Hi Stephane,

On 2017/03/01 1:13 , Stephane Bortzmeyer wrote:
> DNS-over-TLS (RFC 7858) is important for privacy but, today, few DNS
> resolvers support it. It would be interesting to measure if this is
> changing, but the probes do not seem to be able to query their
> resolver with TLS over port 853. (Also, I seem to remember that old
> probes do not have a full TLS implementation.)

What works today is the sslgetcert measurement and traceroute with tcp.

That should give some idea about how often 853 is blocked.

At the moment, no probes have a full tls implementation (in the
measurement code).

> So, how about adding a 'use_tls': True after 'use_probe_resolver':
> True?

That makes sense, but there are a lot of things to do wrt probe code.

Philip

Previous message (by thread): [atlas] Testing DNS-over-TLS support?
Next message (by thread): [atlas] Testing DNS-over-TLS support?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]