DNS Privacy Project

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »

This page will hold a high level summary of the project progress (most recent activity at the top)

October 2014

  • Testing of 0.1.5 getdns codebase which implements TCP pipelining.
  • POC implemenation of TCP Fast Open in ldns and NSD.
  • Patch released to implement STARTTLS in NSD.
  • Released patch to ldns for connection re-use.

September 2014

  • Continued helping to implement switch to ldns for stub mode in getdns. 
    • Basic support for synchronous API implemented and per query namespaces also supported. (Note DNSSEC stub validation is still done by unbound at this point....)
  • Creating patch for ldns/drill to support connection reuse for TCP. Using this from synchronous stub mode in getdns to demonstrate connection re-use. 
  • Work on TCP related drafts

August 2014

  • Working on getnds
    • Added a new test to verify which transport queries are actually sent over
    • Helping to implement the switch to ldns for stub mode
    • Working on support for pipelining of TCP queries

July 2014

  • Attended IETF 90 in Toronto and gave a demo of sending queries from drill to Unbound using T-DNS
  • Started looking at pipelining multiple queries from drill to Unbound
  • Extending test framework to test multiple scenarios for drill <-> Unbound
  • Finished patch to drill to add extra options:
    • -l will send a single query over TLS
    • -L will send a single query over TLS after negotiating an upgrade using a STARTTLS/CH/TXT query
  • Finished patch to Unbound to support 'upgrade_tls' configure option. This enables unbound to receive a a STARTTLS/CH/TXT query, send a STARTTLS/CH/TXT response when configured properly, upgrade to SSL and then receive a query over SSL. 

June 2014

  • Started work on Unbound <-> NSD hop
  • Completing implementation in Unbound to get drill <-> Unbound hop working 
  • Implemented a patch to drill to support T-DNS for a single DNS query
  • Discussions on the class to be used for the dummy query. The resolver -> authoritative hop might be better implemented with a IN class query.
  • Start work on Unbound - understand current SSL-upstream implementation
  • From Willem: LDNS does not have support for asynchronous operation so in the short term it will probably be used in getdns just in synchronous mode so that the implementation of TDNS can continue. 
  • Further work on test framework

May 2014

  • Current getdns stub implementation cannot support sending of CH class queries as it uses libunbound which denies the query and never sends it onwards. Discussed in getnds meeting 19th May that further implementation of T-DNS in getdns will have to wait until libunbound is replaced with ldns for the stub mode. Current understanding is that Willem is going to tackle this in the next few weeks. 
  • Identified need to support CH class in getdns for dummy STARTTLS query. Start on implementation of this.
    • This implementation highlighted the need for getdns to gracefully handle refused queries that have no associated data.
  • Created test harness to create a dummy STARTTLS query
  • Agreed that initial implementations will use the dummy CH class query (not the TO bit)
  • Forked getdns. Familiarisation with getdns code base - get it to install and run!
  • Kick off meetings with T-DNS and getdns teams
  • Creation of project issue tracker and wiki site
  • Reading of relevant drafts and documentation - capture any early technical questions


  • No labels