Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

See the DNS Privacy reference material page for more details on the individual features. 

Clients

Mode

Stub 

Recursive resolver

Software

ldns

(drill)

digit

getdns

BIND

(dig)

Go
DNS 

Knot

(kdig)

getdns(a)

UnboundBIND

Knot

Res

 

 



TCP/TLS Features

TCP fast open(b)
 

(tick)

(tick)

   



P

  


(tick)
Connection reuse (Q/R, Q/R, Q/R)
 

(tick)

(tick)

(tick)(tick)
    
(tick)

(tick)(tick)

Pipelining of queries(Q,Q,Q,R,R,R)

n/a(tick)

(tick)

(tick)
 
(tick)
 
(tick)
  


(tick)(tick)
Process OOOR (Q1,Q2,R2,R1)n/a (tick)

(tick)

(tick)
    




(tick)(tick)
EDNS0 Keepalive(c)
  

 

 



(tick)
       









TLS Features

TLS encryption (Port 853)
 

(tick)(tick)
(tick)
  
(tick)(tick)(tick)
  


TLS authentication
  


(tick)
       







EDNS0 Padding
 

(tick)(tick)
  


(tick)
    




Servers

ModeRecursiveAuth
Software

Unbound

BIND

Knot

Res

NSDBIND

Knot

Auth

 


TCP/TLS Features

TCP fast open**
 
(tick)
 
(tick)(tick)
  

 



(tick)

Process Pipelined queries

(tick)(tick)(tick)(tick)(tick)(tick)
Provide OOORWIP(tick)(tick)n/an/an/a
EDNS0 Keepalive***WIP
     







TLS Features

TLS encryption (Port 853)(tick)(d)
    
(tick)


Provide TLS auth credentials(tick)(d)
    
(tick)


EDNS0 Padding
  WIP   

 



(tick)



KEY:

  • Green square (tick) - indicates latest release already supports this functionality
  • Blue square - indicates that a patch is available in our git repo. See here for details: DNS-over-TLS patches
  • Yellow square - indicates work in progress, or availabe in next release
  • P - Requires building against a patched version of libunbound

...

Note pipelining and OOOP are not applicable for synchronous applications.