Changes between Initial Version and Version 1 of IETF100Experiments


Ignore:
Timestamp:
9 Nov 2017, 05:53:27 (6 weeks ago)
Author:
bmheight@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • IETF100Experiments

    v1 v1  
     1= Experiments on the IETF 100 Network =
     2
     3Experiments on the IETF Network may be requested by any member of the community by contacting the NOC. The NOC will work with the requestors to help define how the experiment might take place, and will forward the request with their recommendation to the IETF Chair. If the Chair approves, the NOC will work with the requestor to help facilitate (but not '''do''') the experiment.
     4
     5For IETF 100 in Singapore, the following experiment has been approved and implemented:
     6
     7== DNS-over-TLS (DPRIVE) ==
     8
     9In cooperations with the NOC, Erik Kline and Warren Kumari are running  an '''experimental''' DNS-over-TLS (DPRIVE) service on the IETF 100 network.
     10
     11The objective is to "eat our own dogfood", test, and allow people to gain experience with DPRIVE.
     12
     13This is implemented using stunnel listening on port 853 and proxying DNS queries to the "normal" [wiki:IETF100network#Services DNS servers].
     14
     15We are logging the number of packets and bytes being sent to the service, but are not logging the queries / responses themselves.
     16
     17If you are interested in using this, you can use the [https://getdnsapi.net/blog/dns-privacy-daemon-stubby/ Stubby] implementation, a recent [https://www.unbound.net/ Unbound], or a very recent Android Open Source Project build.
     18
     19
     20An example Stubby config file is here: [https://raw.githubusercontent.com/wkumari/dprive-nginx-bind/master/stubby_configs/stubby-ietf.conf here] and an example Unbound config is: [https://raw.githubusercontent.com/wkumari/dprive-nginx-bind/master/ietf-configs/unbound.conf here]
     21
     22If folks want to use DNS-over-TLS outside of IETF, a set of experimental servers to use ‘in the wild’ (sadly mostly in Europe at the moment): ​https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers and a page monitoring their availability: ​https://dnsprivacy.org/jenkins/job/dnsprivacy-monitoring/
     23
     24For troubleshooting, talk to Erik Kline or Warren Kumari, '''`warren @ kumari.net`'''.
     25
     26More discussion on the general topic DNS privacy topic can be found in the [https://datatracker.ietf.org/wg/dprive/charter/ DPRIVE WG], and will also be discussed in the "DNS, DNSSEC, DNS Privacy" part of the Hackathon.
     27
     28As this is an experiment, it is low priority, and if it causes any operational issues, it will be disabled.
     29
     30
     31== Additional info
     32
     33Example configs: https://github.com/wkumari/dprive-nginx-bind/tree/master/ietf-configs