...

If there are errors of glaring omission, please email sara@sinodun.com

Coming soon will be guides on how to use NGINX and other proxies to provide DNS-over-TLS, also see here.

See the DNS-over-TLS reference material page for more details on the individual features.

...

 
Mode

Stub 

Recursive resolver

Software

ldns

(drill)

digit

getdns

BIND

(dig)

getdns (a)

Unbound

BIND

Knot

Res

 

 

TCP/TLS Features

TCP fast open (b) (tick)

(tick)

 

P

  (tick)
Connection reuse (Q/R, Q/R, Q/R) (tick)

(tick)

(tick)  (tick)(tick)

Pipelining of queries (Q,Q,Q,R,R,R)

n/a (tick)

(tick)

(tick)  (tick)(tick)
Process OOOR (Q1,Q2,R2,R1) n/a (tick)

(tick)

(tick)  (tick)(tick)
EDNS0 Keepalive (c)  (tick)     

 

 

TLS Features

TLS encryption (Port 853) (tick)(tick) (tick)(tick)(d) 
TLS authentication  (tick)     
EDNS0 Padding  (tick)     

...

  • Green square (tick) - indicates latest release already supports this functionality
  • Blue square - indicates that a patch is available in our git repo. See here for details: DNS-over-TLS patches
  • Yellow square - indicates work in progress
  • P - Requires building against a patched version of libunbound

(a)   getdns uses libunbound in recursive mode
(b)   not yet available on Windows
(c)   Implies robust TCP connection management (see RFC7828 and RFC7766)
(d)   See this article for how to use stunnel with BIND to provide DNS-over-TLS - thanks Francis Dupont!

Note pipelining and OOOP are not applicable for synchronous applications. 

...