Implementation Status

This table lists the current status of DNS-over-TLS related features in the latest stable releases of a selection of commonly used DNS software. 

Clients

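| Mode | Stub | Stub | Stub | Stub | Recursive resolver | Recursive resolver | Recursive resolver | Recursive resolver |
|---|---|---|---|---|---|---|---|---|
| Software | ldns (drill) | digit | getdns | BIND (dig) | getdns* | Unbound | BIND | Knot Res |
| TCP/TLS Features | | | | | | | | |
| TCP fast open** | | (tick) | (tick) | | P | | | (tick) |
| Connection reuse (Q/R, Q/R, Q/R) | | (tick) | (tick) | (tick) | | | (tick) | (tick) |
| Pipelining of queries (Q,Q,Q,R,R,R) | n/a | (tick) | (tick) | (tick) | | | (tick) | (tick) |
| Process OOOR (Q1,Q2,R2,R1) | n/a | (tick) | (tick) | (tick) | | | (tick) | (tick) |
| EDNS0 Keepalive*** | | | (tick) | | | | | |
| TLS Features | | | | | | | | |
| TLS encryption (Port 853) | | (tick) | (tick) | | (tick) | (tick) | | |
| TLS authentication | | | (tick) | | | | | |
| EDNS0 Padding | | | (tick) | | | | | |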

Servers

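| Mode | Recursive | Recursive | Recursive | Auth | Auth | Auth |
|---|---|---|---|---|---|---|
| Software | Unbound | BIND | Knot Res | NSD | BIND | Knot Auth |
| TCP/TLS Features | | | | | | |
| TCP fast open** | | | (tick) | | | (tick) |
| Process Pipelined queries | (tick) | (tick) | (tick) | (tick) | (tick) | (tick) |
| Provide OOOR | WIP | (tick) | (tick) | n/a | n/a | n/a |
| EDNS0 Keepalive*** | WIP | | | | | |
| TLS Features | | | | | | |
| TLS encryption (Port 853) | (tick) | | WIP | | | |
| Provide TLS auth credentials | (tick) | | WIP | | | |
| EDNS0 Padding | | | | | | |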

KEY:

*   getdns uses libunbound in recursive mode
**  Not yet available on Windows
*** Implies robust TCP connection management (see RFC7828 and RFC7766)

Note: pipelining and OOOP are not applicable to synchronous applications.