DNS Privacy Project

Also, since the patches use TLS v1.2, a recent version of OpenSSL is required.

LDNS

ldns.1.6.17_t-dns.patch

  • Adds -F option to read multiple message files from a directory.
  • Adds -R option to re-use TCP/TLS connections when possible.
  • Adds -l option to do TLS on a dedicated TLS port.
  • Adds -C option to do STARTTLS (no TO bit) (experimental).
  • Adds -L option to do STARTTLS (with TO bit) (experimental).
  • Adds -P option to prevent failed STARTTLS negotiation falling back to TCP.
  • Adds experimental support for TCP Fast Open (Linux only). Enable with the --enable-tcp-fastopen configure option.

INSTALLATION

  1. run 'autoreconf --force'
  2. additionally specify the '--with-ssl' and '--with-tls' flags when running 'configure'

Unbound

unbound-1.4.22_t-dns.patch

  • Add support for T-DNS (experimental) to Unbound as a server. 
  • Adds new configuration file options:
    •  'do-starttls: yes/no'   #  enable starttls for downstream queries
  • Adds experimental client and server support for TCP Fast Open (Linux only). Enable with the --enable-tcp-fastopen configure option.

NSD

nsd-4.1.0_tls.patch

  • Implement a TLS service on a dedicated TLS port 
  • Adds new options in configuration file: 
    • 'tls-service-key: <path_to_key_file>' 
    • 'tls-service-pem: <path_to_pem_file>'
    • 'tls-port: <port for TLS service>'

nsd-4.1.0_t-dns.patch

  • Add support for T-DNS (experimental). 
  • Adds new option in configuration file: 
    • 'allow-tls-upgrade: yes/no' 