DNS Privacy Project

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 37 Next »

Implementation Status

This table lists the current status of DNS-over-TLS related features in the latest stable releases of a selection of commonly used DNS software. 

Client/Server

Client - Stub 

Client - Recursive

Server - RecursiveServer - Auth
Software

ldns

(drill)

digit

getdns

BIND

(dig)

getdns*

UnboundBIND

Unbound

BINDNSDBIND
Dedicated TLS   2015    2015  
STARTTLS  WIP2015

WIP

   2015  
TCP fast open**  

 

2015

!

   2015  
Connection reuse  

 

 WIPWIP     

Pipelining***

n/a 

 

n/a20152015     
OOOP***n/a  

 

n/a       

 

KEY:

  • Green square indicates latest release already supports this functionality
  • Blue square indicates that a patch is available in our git repo. See here for details: DNS-over-TLS patches
  • Yellow square indicates work in progress
  • 2015 indicates patches planned for 2015
  • ! Requires building against a patched version of libunbound

Most of the implementations above use only the STARTTLS/CH/TXT query text to negotiate the upgrade to TLS by default (the TO bit proposed in the draft in NOT used since it is not assigned by IANA, but may be available as an option in some implementations).

*    getdns uses libunbound in recursive mode
**  available on linux only 
***  Pipelining and OOOP are not applicable for synchronous applications

 

  • No labels