[dns-operations] OARC DNS Privacy Resolver Testbed

彭勇华 pengyonghua at dnsbed.com
Thu Aug 4 00:49:54 UTC 2016

great to know this.
how can we configure the application to use DNS over TLS by default?


2016-08-04 1:33 GMT+08:00 Keith Mitchell <keith at dns-oarc.net>:

> OARC is pleased to offer open DNS Privacy resolvers that anyone can use
> to experiment with secured DNS over TLS services (see RFC 7858 [1]).
> These listen for DNS queries over TLS on TCP port 853.
> Detailed information about this testbed service is available at:
>         https://www.dns-oarc.net/oarc/services/dnsprivacy
> Two instances are available - one uses the ISI ANT T-DNS [2] server
> proxy, with a back-end hooked into OARC's existing BIND-based ODVR [3]
> server to provide packet capture as well as some modicum of logging. The
> second server uses Unbound [4] as the front-end, which then forwards
> queries to the Unbound-based version of the ODVR service.
> Please note this service is *experimental*, and makes *no* guarantees of
> availability, data privacy, RFC compliance/interoperability, or
> suitability for live, production use. We do however aim to contribute to
> the understanding of operating these services, seeking to improve their
> deployment towards these aims. Feedback as to how well or whether they
> actually work would be appreciated.
> The IP addresses for the DNS Privacy name-servers are:
> Instance        Name                            IP addresses
> T-DNS           tls-dns.odvr.dns-oarc.net
>                                                 No current IPv6 support
> Unbound         tls-dns-u.odvr.dns-oarc.net
>                                                 2620:ff:c000:0:1::64:25
> In line with OARC's mission, query data from these DNS Privacy and our
> other testbed name-servers is collected and made available for
> non-commercial, public benefit research purposes. Users of the service
> should be aware this may include personally identifiable information.
> If your DNS query data is sensitive, you should probably *not* be
> trusting it to an experimental 3rd-party research testbed. Depending on
> experience gathered from operating these testbeds, user uptake/demand
> and/or Member feedback, OARC may or may not in future decide to add
> anonymization of data gathered on these servers, or offer a choice for
> this on different server(s). Note that it may also be necessary to limit
> access to these open resolvers in the event of abuse.
> If you are interested in analyzing data from any of OARC's testbed
> tools, information about becoming an OARC member is available at
> <https://www.dns-oarc.net/oarc/agreements>, or please contact us at
> <admin at dns-oarc.net> if you have any questions/feedback about this
> service.
> Keith Mitchell
> --------
> [1]     https://datatracker.ietf.org/doc/rfc7858/
> [2]     https://ant.isi.edu/software/tdns/tdns-server-proxy/index.html
> [3]     https://www.dns-oarc.net/oarc/services/odvr
> [4]     http://www.unbound.net/
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160804/63725bcd/attachment.html>

More information about the dns-operations mailing list