[dns-operations] Detecting DNS hijacking (Was: new public DNS service: 18.104.22.168
bortzmeyer at nic.fr
Tue Nov 21 14:55:27 UTC 2017
On Tue, Nov 21, 2017 at 12:16:48PM +0000,
Jeremy Harris <jgh at wizmail.org> wrote
a message of 17 lines which said:
> Would one, as a client, also need to enforce certificate pinning to
> assure authentication of the 22.214.171.124 you're talking TLS to?
Sure. RFC 7858, section 4. But also wait for the future RFC, more
comprehensive about DNS-over-TLS authentication, which is currently in
the RFC Editor queue.
At the present time, it seems Quad9 does not publish the keys in an
official way. This is currently being discussed with them.
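
An added example, not part of the original message: a client-side check of a DNS-over-TLS server certificate against an SPKI pin set, using the base64 SHA-256 pin format of RFC 7469 that the key-pinned profile in RFC 7858 section 4 reuses. All function names and the skeleton certificate are constructed for illustration; a real client would take `cert_der` from `ssl.SSLSocket.getpeercert(binary_form=True)` on the port 853 connection.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, element_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo (header included) of a certificate."""
    _, pos, _ = read_tlv(cert_der, 0)          # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, pos)  # tbsCertificate SEQUENCE
    if cert_der[pos] == 0xA0:                  # optional [0] version field
        pos = read_tlv(cert_der, pos)[2]
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def spki_pin(cert_der):
    """Base64 of SHA-256 over the whole SPKI structure (RFC 7469 pin format)."""
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return base64.b64encode(digest).decode()

def server_is_pinned(cert_der, pin_set):
    """True if the presented key matches any configured pin (primary or backup)."""
    return spki_pin(cert_der) in pin_set

# --- constructed sample data: a skeleton certificate, not a real server's ---
def tlv(tag, value):
    n = len(value)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])  # sample stays < 256 bytes
    return bytes([tag]) + head + value

def sample_cert(key_bytes):
    """Build (certificate_der, spki_der) with empty names and a dummy signature."""
    alg = tlv(0x30, bytes.fromhex("06032b6570"))  # AlgorithmIdentifier: Ed25519
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key_bytes))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30, b"") * 3 + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(64))), spki
```

The pin covers only the public key, so it survives certificate renewal with the same key but fails closed when the key changes, which is why the operator has to publish the pins through an authenticated channel.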