
This table lists the best understanding of the current status of DNS-over-TLS related features in the latest stable releases of a selection of commonly used open source DNS software.

If there are errors or glaring omissions please email sara@sinodun.com

Guides on how to use NGINX and other proxies to provide DNS-over-TLS are coming soon; also see here. Note that this will still require the nameserver to have full, robust TCP capabilities (as described in Sections 6.2.2 and 10 of RFC7766) for production level service. Any server that fully implements EDNS0 Keepalive (RFC7828) should meet these criteria.

See the DNS-over-TLS reference material page for more details on the individual features.

Clients

Mode: Stub, Recursive resolver

Software: ldns (drill), digit, getdns, BIND (dig), Go DNS, Knot (kdig), getdns(a), Unbound, BIND, Knot Res

 

 

TCP/TLS Features

TCP fast open(b) (tick)

(tick)

   

P

  (tick)
Connection reuse (Q/R, Q/R, Q/R) (tick)

(tick)

(tick)    (tick) (tick)

Pipelining of queries (Q,Q,Q,R,R,R)

n/a (tick)

(tick)

(tick)    (tick) (tick)
Process OOOR (Q1,Q2,R2,R1) n/a (tick)

(tick)

(tick)    (tick) (tick)
EDNS0 Keepalive(c)  (tick)       

 

 

TLS Features

TLS encryption (Port 853) (tick) (tick)   (tick) (tick)
TLS authentication  (tick)       
EDNS0 Padding  (tick)       
