...

  • Be aware that a client will think it is talking to a DNS-over-TLS server and so may keep connections open when idle, even when not using EDNS0 Keepalive (as allowed by RFC7858). The nameserver will see only TCP connections, which were historically used just for one-shot TCP, and it may not be robust to many long-lived connections.
  • Therefore this will work much better if the nameserver has robust TCP capabilities (as described in Sections 6.2.2 and 10 of RFC7766), and would be required for production level service. Any server that fully implements EDNS0 Keepalive (RFC7828) should meet these criteria.

...

Mode

Stub 

Recursive resolver

Software

ldns (drill)

digit

getdns

BIND (dig)

Go DNS

Knot (kdig)

getdns(a)

Unbound

BIND

Knot Res

 

 

TCP/TLS Features

TCP fast open(b) (tick)

(tick)

   

P

  (tick)
Connection reuse (Q/R, Q/R, Q/R) (tick)

(tick)

(tick)    (tick)(tick)

Pipelining of queries (Q,Q,Q,R,R,R)

n/a (tick)

(tick)

(tick)    (tick)(tick)
Process OOOR (Q1,Q2,R2,R1) n/a (tick)

(tick)

(tick)    (tick)(tick)
EDNS0 Keepalive(c)  (tick)       

 

 

TLS Features

TLS encryption (Port 853) (tick)(tick)  (tick)(tick)(tick)  
TLS authentication  (tick)       
EDNS0 Padding  (tick)       

...

WIPWIP
Mode

Recursive

Auth

Software

Unbound

BIND

Knot Res

NSD

BIND

Knot Auth

 

TCP/TLS Features

TCP fast open**  (tick)  (tick)

Process Pipelined queries

(tick) (tick) (tick) (tick) (tick) (tick)
Provide OOOR WIP (tick) (tick) n/a n/a n/a
EDNS0 Keepalive*** WIP

 


TLS Features

TLS encryption (Port 853) (tick)(d)
Provide TLS auth credentials (tick)(d)
EDNS0 Padding  WIP   

 

...