A dns-proxy for DNS over HTTP(s)

Jelte Jansen jelte.jansen at sidn.nl
Tue Aug 25 11:15:01 UTC 2015

On 08/25/2015 11:29 AM, Stephane Bortzmeyer wrote:
> with UDP. (By the way, I would like to see a DNS service "public
> resolver only reachable with TCP" using the normal DNS protocol. It
> would be a useful looking glass, and would avoid the risks documented
> in RFC 5358.)

I have done some very preliminary experiments with this idea some time
ago; I made a version of unbound that sent TC=1 to every UDP query, and
only actually answered TCP queries.

Unfortunately the first few machines I tried it with didn't appear to
retry over TCP, so I didn't pursue further at that time. Might be
willing to have another look at it if there are more people interested.
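
The TC=1 behaviour described in this message, as an added example that is not part of the original post and is not unbound code: it builds the reply a "TCP only" resolver would send to a UDP query, with the header and question echoed, TC set and no records. The function names and the sample query are assumptions made for illustration, and only the packet construction is shown, not the socket handling.

```python
import struct

QR, TC, RD, OPCODE_MASK = 0x8000, 0x0200, 0x0100, 0x7800

# Constructed sample: query for example.com A, ID 0x1234, RD set, one EDNS OPT record.
SAMPLE_QUERY = (
    struct.pack("!6H", 0x1234, RD, 1, 0, 0, 1)
    + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
)

def question_end(msg, offset=12):
    """Return the offset just past the first question (QNAME, QTYPE, QCLASS)."""
    while True:
        if offset >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("pointer or reserved label type in question")
        offset += length
    if offset + 4 > len(msg):
        raise ValueError("truncated question")
    return offset + 4

def truncated_reply(query):
    """Build the TC=1 reply to a UDP query, or return None to drop the packet."""
    if len(query) < 12:
        return None
    qid, flags, qdcount = struct.unpack("!3H", query[:6])
    if flags & QR or qdcount != 1:
        return None  # never reply to responses (no reply loops) or odd queries
    try:
        end = question_end(query)
    except ValueError:
        return None
    # Keep opcode and RD from the query; set QR and TC; RCODE 0; no records.
    out_flags = QR | TC | (flags & (OPCODE_MASK | RD))
    # Header plus echoed question only, so the reply is never larger than the query.
    return struct.pack("!6H", qid, out_flags, 1, 0, 0, 0) + query[12:end]

if __name__ == "__main__":
    reply = truncated_reply(SAMPLE_QUERY)
    print(len(SAMPLE_QUERY), "byte query ->", len(reply), "byte reply:", reply.hex())
```

A client that honours TC=1 repeats the same question over TCP; one that ignores it sees an empty NOERROR answer.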


