Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Client/Server

Client - Stub 

Client - Recursive

Server - RecursiveServer - Auth
Software

ldns

(drill)

digit

getdns

BIND

(dig)

getdns*

UnboundBIND

Unbound

BINDNSDBIND
Port based TLS (tick)(tick)20152016(tick)(tick) (tick)20152016  
STARTTLS (tick)(tick)2015

P

   2015  
TCP fast open** (tick)

(tick)

20152016

P

   20152016  
Connection reuse (tick)

(tick)

(tick)WIPWIP (tick)(tick)(tick)(tick)

Pipelining***

n/a(tick)

(tick)

n/a2015201620152016 (tick)(tick)(tick)(tick)
OOOP***n/a (tick)

(tick)

n/a    9.11   

 

KEY:

  • Green square (tick) - indicates latest release already supports this functionality
  • Blue square - indicates that a patch is available in our git repo. See here for details: DNS-over-TLS patches
  • Yellow square - indicates work in progress
  • 2015 2016 - indicates patches planned for 20152016
  • P - Requires building against a patched version of libunbound
Info

Most of the implementations above use only the STARTTLS/CH/TXT query text to negotiate the upgrade to TLS by default (the TO bit proposed in the draft in NOT used since it is not assigned by IANA, but may be available as an option in some implementations).


*    getdns uses libunbound in recursive mode
**  available  not available on linux only Windows 
***  Pipelining and OOOP are not applicable for synchronous applications

...