Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This table lists the current status of DNS-over-TLS related features in the latest stable releases of a selection of commonly used DNS software. 

...

Clients

Client - Unbound  Connection reuse(tick)WIP(tick)n/a TLS authentication
Mode

Stub 

Recursive

Server - RecursiveServer - Auth

resolver

Software

ldns

(drill)

digit

getdns

BIND

(dig)

getdns*

UnboundBIND

Knot

BINDNSDBINDPort based TLS

Res

 

(tick)(tick)

 

(tick)(tick) (tick)   

TCP/TLS Features

TCP fast open** (tick)

(tick)

 

P

   
Connection reuse (Q/R, Q/R, Q/R) (tick)

(tick)

(tick)  (tick)(tick)WIP

Pipelining of queries(Q,Q,Q,R,R,R)

n/a(tick)

(tick)

(tick)  (tick)(tick)
Pipelining***Process OOOR (Q1,Q2,R2,R1)n/a (tick)

(tick)

(tick)  (tick)(tick)(tick)

 

 

(tick)OOOP***

TLS Features

TLS encryption (Port 853) (tick)(tick) (tick)(tick)  
TLS authentication  (tick)WIP     
EDNS0 Padding  (tick)     
EDNS0 Keepalive  (tick)  2016   

Servers

(tick)2016
ModeRecursiveAuth
Software

Unbound

BIND

Knot

Res

NSDBIND

Knot

Auth

 

TCP/TLS Features

TCP fast open**  (tick)   EDNS0 Padding

Process Pipelined queries

(tick)(tick)(tick)(tick)(tick)(tick)
Provide OOORWIP(tick)(tick)   

 


TLS Features

TLS encryption (Port 853)(tick) (tick)   
Provide TLS auth credentials(tick) (tick)   
EDNS0 KeepalivePadding      
EDNS0 KeepaliveWIP     

 

KEY:

  • Green square (tick) - indicates latest release already supports this functionality
  • Blue square - indicates that a patch is available in our git repo. See here for details: DNS-over-TLS patches
  • Yellow square - indicates work in progress
  • 2016 - indicates patches planned for 2016
  • P - Requires building against a patched version of libunbound

*    getdns uses libunbound in recursive mode
**  not yet available on Windows 
***  Pipelining Note pipelining and OOOP are not applicable for synchronous applications

...