| Hosted by | IP addresses | Hostname for TLS authentication | Base 64 encoded (and hex) form of SPKI pin for TLS authentication (RFC7858) | Supports RFC7858 | Supports RFC7766 fully | Software | Notes |
|---|---|---|---|---|---|---|---|
| getdnsapi.net | 185.49.141.38, 2a04:b900:0:100::38 | getdnsapi.net | foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S= (7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4) | No | No | Unbound | |
| Surfnet | 145.100.185.15, 2001:610:1:40ba:145:100:185:15 | dnsovertls.sinodun.com | oTLTTTTBgXZTN8cLg+Npe5Uk3dsFpxGLQ8AoQDPVoMw= (A132D34D34C181765337C70B83E3697B9524DDDB05A7118B43C0284033D5A0CC) | No | No, but does do concurrent processing of queries. Supports TFO | HAProxy + BIND | Only listening on TLS on port 853 |
| Surfnet | 145.100.185.16, 2001:610:1:40ba:145:100:185:16 | dnsovertls1.sinodun.com | ZZtB6wjcxw7p1iTmIZx27jGVTaFUiwyFGerlIoyyQVA= (659B41EB08DCC70EE9D624E6219C76EE31954DA1548B0C8519EAE5228CB24150) | No | No, but does do concurrent processing of queries | Nginx + BIND | Only listening on TLS on port 853 |
| OARC | See OARC website | | | | | Unbound | |
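
Added example (not part of the original page): a Python check that the base64 and hex forms of each pin in the table above decode to the same 32-byte SHA-256 digest, and that flags base64 text that is not in canonical form, which matters when a client compares pins as strings instead of bytes. The function names are illustrative assumptions; the pin values are copied from the table, and `spki_der` is assumed to be the DER-encoded SubjectPublicKeyInfo taken from the server certificate by the caller.

```python
import base64
import hashlib
import hmac

# (hostname, base64 pin, hex pin) copied from the table above.
PINS = [
    ("getdnsapi.net",
     "foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S=",
     "7e8c59467221f606695a797ecc488a6b4109dab7421aba0c5a6d3681ac5273d4"),
    ("dnsovertls.sinodun.com",
     "oTLTTTTBgXZTN8cLg+Npe5Uk3dsFpxGLQ8AoQDPVoMw=",
     "A132D34D34C181765337C70B83E3697B9524DDDB05A7118B43C0284033D5A0CC"),
    ("dnsovertls1.sinodun.com",
     "ZZtB6wjcxw7p1iTmIZx27jGVTaFUiwyFGerlIoyyQVA=",
     "659B41EB08DCC70EE9D624E6219C76EE31954DA1548B0C8519EAE5228CB24150"),
]

def decode_pin(b64_pin):
    """Return the raw digest behind a base64 pin; a SHA-256 pin is 32 bytes."""
    raw = base64.b64decode(b64_pin)
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError(f"pin decodes to {len(raw)} bytes, expected 32")
    return raw

def audit_pin(b64_pin, hex_pin):
    """Compare the two published forms of one pin."""
    raw = decode_pin(b64_pin)
    canonical = base64.b64encode(raw).decode("ascii")
    return {
        "forms_agree": hmac.compare_digest(raw, bytes.fromhex(hex_pin)),
        "canonical_b64": canonical,          # what an encoder would emit
        "is_canonical": canonical == b64_pin,
    }

def spki_matches_pin(spki_der, b64_pin):
    """Pin check on digest bytes, so a non-canonical base64 spelling still matches."""
    digest = hashlib.sha256(spki_der).digest()
    return hmac.compare_digest(digest, decode_pin(b64_pin))

if __name__ == "__main__":
    for host, b64_pin, hex_pin in PINS:
        print(host, audit_pin(b64_pin, hex_pin))
```

On the table's values all three pairs agree byte for byte, but the getdnsapi.net base64 text has non-zero padding bits, so its canonical re-encoding ends in `c9Q=` rather than `c9S=`. A client that compares pin strings instead of decoded digests would treat the two spellings as different pins.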

 

How to Decode TLS packets in Wireshark

To decode the DNS packets in Wireshark, use version 1.12.1 or later to get TLSv1.2 support:

  • Obtain the server key file

  • Configure the key in Wireshark in Edit->Preferences

    • Open the protocol list in the right hand menu and select SSL from the list
    • Click on the RSA keys list 'Edit' box and then click on 'New' in the dialog that appears
      • Enter the remote server's IP address, e.g. 173.255.254.151, and the port for TLS (1021), and 'http' or 'spdy' for the protocol (DNS is not yet available here).
      • Use the Key File selector to choose the key file you downloaded
    • Save this by hitting OK, OK and Apply.
    • Back in the main window use the Analyze->Decode as... option to choose to decode as SSL
    • Click on one of the packets labelled 'Application data' and you should see an additional tab labelled "Decrypted SSL data" appear in Wireshark's Packet bytes view window.