This table lists the best understanding of current status of DNS-over-TLS related features in the latest stable releases of a selection of commonly used DNS software.
If there are errors of glaring omission please email firstname.lastname@example.org
Coming soon will be guides on how to use NGINX and other proxies to provide DNS-over-TLS, also see here. Note that this will still require the nameserver to have full TCP capabilities for production level service.
See the DNS-over-TLS reference material page for more details on the indivudual features.
|TCP fast open(b)|
|Connection reuse (Q/R, Q/R, Q/R)|
Pipelining of queries(Q,Q,Q,R,R,R)
|Process OOOR (Q1,Q2,R2,R1)||n/a|
|TLS encryption (Port 853)|
|TCP fast open**|
Process Pipelined queries
|TLS encryption (Port 853)||(d)||WIP|
|Provide TLS auth credentials||(d)||WIP|
(a) getdns uses libunbound in recursive mode
(b) not yet available on Windows
(c) Implies robust TCP connection management (see RFC7828 and RFC7766)
(d) See this article for how to use stunnel with BIND to provide DNS-over-TLS - thanks Francis Dupont!
Note pipelining and OOOP are not applicable for synchronous applications.