IETF 94 news

Another successful Hackathon for the DNS/DNSSEC team! EDNS0 Padding and EDNS0 ECS privacy options added to the code

DNS-over-TLS draft is also going through WGLC

The latest release of getdns includes an experimental implementation of TLS hostname based authentication

There were presentations at the OARC Fall workshop on both 'DNS Privacy Mechanisms' and 'Using TLS for DNS privacy in practice'

The latest release of getdns allows the user to specify an ordered list of transports from TLS, STARTTLS, TCP or UDP. It also supports configuration of the DNS-over-TCP idle timeout for a parameter

IETF 93 Hackathon

Working on TLS authentication in getdns!

The latest release includes an implementation of STARTTLS

getdns 0.1.8 supports TLS

See the latest release at

Updated patches published

Latest patches available in the DNS-over-TLS git repository

IETF 92 presentation

A demo of TLS and STARTTLS in getdns was given at Bits'n'Bytes IETF 92 in Dallas.

IETF 91 presentation

A demo of the DNS-over-TLS code (ldns talking to unbound) was given in the DPRIVE working group at IETF 91 in Hawaii. 

New Try T-DNS guide

We have added a quick guide to trying T-DNS for yourself: Try T-DNS. Enjoy!

We have now published patches to implement TCP Fast Open (Linux only) in LDNS, Unbound and NSD.
They are available in this repo:

Information on TCP Fast Open can be found on this page:

TCP Fast Open

We have also updated our T-DNS patches - the latest versions can be found here:

New draft for 5966-bis

We recently published a new Internet Draft that we hope will update RFC5966. It updates the requirements for the support of TCP as a transport protocol for DNS implementations. See