DNS Privacy
Links
DNS Privacy Project homepage
DPRIVE
getdns
NLnet Labs
Sinodun
...
If there are errors or glaring omission please email sara@sinodun.com Coming soon will be guides on
Info |
---|
Also see guides on how to use NGINX and other proxies |
...
to provide DNS-over-TLS, also |
...
see here. |
...
|
This works with a couple of provisos:
...
See the DNS -over-TLS Privacy reference material page for more details on the individual features.
Mode | Stub | Recursive resolver | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Software | (drill) | digit | (Stubby) | BIND (dig) | Go DNS | Knot (kdig) | getdns(a) | Unbound | BIND | Knot Res |
TCP/TLS Features | TCP fast open(b) |
---|
P |
Connection reuse (Q/R, Q/R, Q/R) |
---|
Pipelining of queries(Q,Q,Q,R,R,R) | n/a |
---|
Process OOOR (Q1,Q2,R2,R1) | n/a |
---|
EDNS0 Keepalive(c) |
TLS Features | TLS encryption (Port 853) |
---|
TLS authentication |
---|
EDNS0 Padding |
---|
Mode | Recursive | Auth | |||||
---|---|---|---|---|---|---|---|
Software | BIND | Knot Res | NSD | BIND | Knot Auth |
TCP/TLS Features | TCP fast open** |
---|
Process Pipelined queries | ||||||
---|---|---|---|---|---|---|
Provide OOOR | WIP | n/a | n/a | n/a | ||
EDNS0 Keepalive*** | WIP |
TLS Features | TLS encryption (Port 853) | (d) |
---|
Provide TLS auth credentials | (d) |
---|
TLS DNSSEC Chain Extension | ||||||
---|---|---|---|---|---|---|
EDNS0 Padding (basic) |
KEY:
...
Note pipelining and OOOP are not applicable for synchronous applications.