[dns-operations] A dns-proxy for DNS over HTTP(s)
Shane Kerr
shane at time-travellers.org
Wed Aug 26 04:02:41 UTC 2015
Jelte,
On Tue, 25 Aug 2015 13:15:01 +0200
Jelte Jansen <jelte.jansen at sidn.nl> wrote:
> On 08/25/2015 11:29 AM, Stephane Bortzmeyer wrote:
> >
> > with UDP. (By the way, I would like to see a DNS service "public
> > resolver only reachable with TCP" using the normal DNS protocol. It
> > would be a useful looking glass, and would avoid the risks documented
> > in RFC 5358.)
> >
>
> I have done some very preliminary experiments with this idea some time
> ago; I made a version of unbound that sent TC=1 to every UDP query, and
> only actually answered TCP queries.
>
> Unfortunately the first few machines I tried it with didn't appear to
> retry over TCP, so I didn't pursue further at that time. Might be
> willing to have another look at it if there's more people interested.
I'd be curious to see a survey of which stub resolvers could be
coerced into using TCP. :)
Presumably glibc (normally used by Linux systems) works, since it has
the "use-vc" option which forces all DNS lookups to TCP (although this
does not *necessarily* mean that TCP fallback works, of course):
http://man7.org/linux/man-pages/man5/resolv.conf.5.html
Also, OpenBSD has an "options tcp" value to set this, and claims to
fall back properly to TCP if using UDP:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/resolv.conf.5
Anyway... interesting. :)
Cheers,
--
Shane
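The exchange the thread is discussing, as an added example that is not code from the thread, from unbound or from any libc: a minimal "TCP-only" resolver that answers every UDP query with TC=1 and an empty answer section, and a stub resolver that either performs the RFC 1035 TCP retry on TC=1 or (like the hosts Jelte observed) takes the truncated UDP reply as final. The server-side behaviour is simulated with in-memory transports so it runs offline; the A record address 192.0.2.1, the query ID 0x1234 and the transport function names are assumptions made for the example. The socket-backed transports at the end are included so the same stub can be pointed at a real resolver to survey fallback behaviour.

```python
"""Simulate a TC=1-on-UDP resolver and a stub with / without TCP fallback.

Added example for the dns-operations thread; not unbound's or glibc's code.
"""
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression in a query)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qid, qtype=QTYPE_A):
    """Standard query: QR=0, RD=1, one question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rd": bool(flags & 0x0100), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def question_section(msg):
    """Bytes of the first question (name + type + class), starting at offset 12."""
    i = 12
    while msg[i] != 0:
        i += msg[i] + 1          # queries carry no compression pointers
    i += 1 + 4                   # root label terminator + QTYPE + QCLASS
    return msg[12:i]


def udp_truncated_reply(query):
    """The experiment's UDP behaviour: TC=1, question echoed, no answer."""
    h = parse_header(query)
    flags = 0x8000 | 0x0200 | (0x0100 if h["rd"] else 0) | 0x0080  # QR TC RD RA
    return struct.pack("!HHHHHH", h["id"], flags, 1, 0, 0, 0) + question_section(query)


def tcp_full_reply(query):
    """Over TCP the same server answers; 192.0.2.1 is a constructed value."""
    h = parse_header(query)
    flags = 0x8000 | (0x0100 if h["rd"] else 0) | 0x0080
    # Answer RR: name is a pointer to offset 12 (0xC00C), type A, class IN, TTL 300.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + bytes([192, 0, 2, 1])
    return struct.pack("!HHHHHH", h["id"], flags, 1, 1, 0, 0) + question_section(query) + rr


def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-octet length."""
    return struct.pack("!H", len(msg)) + msg


def tcp_unframe(data):
    (n,) = struct.unpack("!H", data[:2])
    return data[2:2 + n]


# In-memory transports standing in for sockets to the simulated server.
def udp_transport(query):
    return udp_truncated_reply(query)


def tcp_transport(framed):
    return tcp_frame(tcp_full_reply(tcp_unframe(framed)))


def stub_resolve(name, qid=0x1234, fallback=True, udp=udp_transport, tcp=tcp_transport):
    """Send over UDP; with fallback=True retry over TCP when TC=1, else accept
    the truncated reply as final (the behaviour that gets no answer here)."""
    query = build_query(name, qid)
    reply = udp(query)
    h = parse_header(reply)
    if h["id"] != qid or not h["qr"]:
        raise ValueError("reply ID mismatch or not a response")
    if h["tc"] and fallback:
        reply = tcp_unframe(tcp(tcp_frame(query)))
        h = parse_header(reply)
        if h["id"] != qid or h["tc"]:
            raise ValueError("TCP reply has wrong ID or is still truncated")
    return reply


def a_record_address(reply):
    """Dotted quad of the single A record, or None if the answer section is empty.
    Assumes the A record is the last RR in the message, as in tcp_full_reply."""
    if parse_header(reply)["ancount"] == 0:
        return None
    return ".".join(str(b) for b in reply[-4:])


def udp_socket_transport(host, port=53, timeout=3.0):
    """Real UDP transport for surveying a live resolver (not used offline)."""
    def send(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (host, port))
            return s.recv(4096)
    return send


def tcp_socket_transport(host, port=53, timeout=3.0):
    """Real TCP transport; reads the length prefix, then exactly that many bytes."""
    def send(framed):
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(framed)
            data = b""
            while len(data) < 2:
                data += s.recv(2 - len(data))
            (n,) = struct.unpack("!H", data)
            while len(data) < 2 + n:
                data += s.recv(2 + n - len(data))
            return data
    return send


if __name__ == "__main__":
    print("with fallback:", a_record_address(stub_resolve("example.com")))
    print("no fallback:  ", a_record_address(stub_resolve("example.com", fallback=False)))
```

To survey a real server, pass `udp=udp_socket_transport(ip)` and `tcp=tcp_socket_transport(ip)` to `stub_resolve`; a stub that treats the TC=1 reply as final is the case the thread is worried about, and the `fallback=False` path reproduces it without touching the network.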