Another successful Hackathon for the DNS/DNSSEC team! EDNS0 Padding and EDNS0 ECS privacy options added to the code
DNS-over-TLS draft is also going through WGLC
The latest release of getdns includes an experimental implementation of TLS hostname based authentication
There were presentations at the OARC Fall workshop on both 'DNS Privacy Mechanisms' and 'Using TLS for DNS privacy in practice'
The latest release of getdns allows the user to specify an ordered list of transports from TLS, STARTTLS, TCP or UDP. It also supports configuration of the DNS-over-TCP idle timeout for a parameter
Working on TLS authentication in getdns!
New versions of 2 internet drafts are available:
The latest release includes an implementation of STARTTLS
A demo of TLS and STARTTLS in getdns was given at Bits'n'Bytes IETF 92 in Dallas.
An updated version of https://tools.ietf.org/html/draft-ietf-dnsop-5966bis-01 is available
A demo of the DNS-over-TLS code (ldns talking to unbound) was given in the DPRIVE working group at IETF 91 in Hawaii.
We have now published patches to implement TCP Fast Open (Linux only) in LDNS, Unbound and NSD.
They are available in this repo:
Information on TCP Fast Open can be found on this page:
We have also updated our T-DNS patches - the latest versions can be found here:
We recently published a new Internet Draft that we hope will update RFC 5966. It updates the requirements for the support of TCP as a transport protocol for DNS implementations. See https://tools.ietf.org/html/draft-dickinson-dnsop-5966-bis-00