LDNS (drill)

Digit

getdns 0.1.8

Notes on getdns

In the 0.1.8 release of getdns there is an experimental implementation of DNS-over-TLS. It is enabled by using one of the following options as the getdns_transport_t value in the getdns_context_set_dns_transport() function:

Notes:

| | Recursive | Stub [Uses TLS v1.2 only] | Stub +dnssec extension [Uses TLS 1.2 but will fall back to v1.1, v1] |
|---|---|---|---|
| TLS_ONLY | Not supported. Will error GETDNS_BAD_CONTEXT. | Fully supported. | Supported but will not keep connections open. |
| TLS_FIRST_AND_FALL_BACK_TO_TCP | Will fall back to TCP without trying TLS. Will not keep connections open. | Fully supported. | Will fall back to TCP without trying TLS. Will not keep connections open. |
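The notes above distinguish a stub that uses TLS v1.2 only from one that may fall back to v1.1 or v1. The following added example, which is not part of getdns or of the original notes, reads the negotiated version from the first bytes of a server's reply so a fallback can be spotted in a capture. The function names and sample byte arrays are constructed for illustration, and it assumes TLS 1.2 or earlier, where the selected version is carried in ServerHello.server_version.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: first 11 bytes of a server's first TLS record.
 * Layout: record type, record version (2), record length (2),
 * handshake type, handshake length (3), server_version (2). */
static const uint8_t SAMPLE_TLS12[] = {0x16, 0x03, 0x03, 0x00, 0x2a,
                                       0x02, 0x00, 0x00, 0x26, 0x03, 0x03};
static const uint8_t SAMPLE_TLS11[] = {0x16, 0x03, 0x02, 0x00, 0x2a,
                                       0x02, 0x00, 0x00, 0x26, 0x03, 0x02};

/* Returns the version the server selected (0x0303 = TLS 1.2,
 * 0x0302 = TLS 1.1, 0x0301 = TLS 1.0), or 0 if the bytes do not start
 * with a plausible ServerHello. Only the first 11 bytes are read, so a
 * truncated capture is enough. */
uint16_t negotiated_tls_version(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 11)
        return 0;
    if (buf[0] != 0x16 || buf[5] != 0x02)  /* handshake record, ServerHello */
        return 0;
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    /* Smallest ServerHello body: version 2 + random 32 + session id
     * length 1 + cipher suite 2 + compression 1 = 38 bytes. */
    if (hs_len < 38 || rec_len < 4 + 2)
        return 0;
    return (uint16_t)((buf[9] << 8) | buf[10]);
}

/* 1 when TLS 1.2 was negotiated, 0 on fallback to an older version or
 * when the bytes could not be parsed. */
int is_tls12(const uint8_t *buf, size_t len)
{
    return negotiated_tls_version(buf, len) == 0x0303;
}

int main(void)
{
    printf("sample 1: 0x%04x tls1.2=%d\n",
           (unsigned)negotiated_tls_version(SAMPLE_TLS12, sizeof SAMPLE_TLS12),
           is_tls12(SAMPLE_TLS12, sizeof SAMPLE_TLS12));
    printf("sample 2: 0x%04x tls1.2=%d\n",
           (unsigned)negotiated_tls_version(SAMPLE_TLS11, sizeof SAMPLE_TLS11),
           is_tls12(SAMPLE_TLS11, sizeof SAMPLE_TLS11));
    return 0;
}
```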

How to Decode TLS packets in Wireshark

If you want to decode the DNS packets in Wireshark (use 1.12.1 or later to get TLSv1.2 support)