DPRIVE / DNS-over-TLS

In cooperation with the NOC, Erik Kline and Warren Kumari are running an experimental DNS-over-TLS (DPRIVE) service on the IETF 99 network.

The objective is to "eat our own dogfood", test, and allow people to gain experience with DPRIVE.

This is implemented using stunnel listening on port 853 and proxying DNS queries to the "normal" DNS servers.
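A plain TLS terminator such as stunnel can front an ordinary resolver because DNS over TLS carries the same two-octet length-prefixed messages as DNS over TCP. The probe below is an added example, not part of the original page or the NOC's setup: it builds and frames a query and checks the reply header, and its function names, the resolver hostname passed on the command line, and strict certificate validation are all assumptions.

```python
import os, socket, ssl, struct, sys

def build_query(name, qtype=1, txid=0x1234):
    """DNS query: RD flag set, one question, class IN (qtype 1 = A)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(msg):
    """Two-octet length prefix, identical for DNS over TCP and DNS over TLS."""
    return struct.pack("!H", len(msg)) + msg

def read_frame(recv):
    """Read one framed message; recv(n) may return fewer than n bytes."""
    def exactly(n):
        buf = b""
        while len(buf) < n:
            chunk = recv(n - len(buf))
            if not chunk:
                raise ConnectionError("peer closed mid-message")
            buf += chunk
        return buf
    (length,) = struct.unpack("!H", exactly(2))
    return exactly(length)

def parse_header(msg):
    """Decode the fields needed to match a reply to its query."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": flags >> 15, "rcode": flags & 0xF, "ancount": an}

def query_dot(server, name, port=853, timeout=5.0):
    """Send one A query over TLS and return the parsed reply header."""
    ctx = ssl.create_default_context()  # assumption: validate chain and hostname
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(frame(build_query(name, txid=txid)))
            reply = parse_header(read_frame(tls.recv))
    if reply["id"] != txid or reply["qr"] != 1:
        raise ValueError("reply does not match the query")
    return reply

if __name__ == "__main__":
    # usage: python dot_probe.py <resolver-hostname> <name>; nothing is contacted otherwise
    if len(sys.argv) == 3:
        print(query_dot(sys.argv[1], sys.argv[2]))
```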

We are logging the number of packets and bytes being sent to the service, but are not logging the queries / responses themselves.

If you are interested in using this, you can use the Stubby implementation and/or a very recent Android Open Source Project build. An example Stubby config file is here.

For troubleshooting, talk to Erik Kline or Warren Kumari (warren@…).

More discussion on the general DNS privacy topic can be found in the DPRIVE WG, and the topic will also be discussed in the "DNS, DNSSEC, DNS Privacy" part of the Hackathon.

As this is an experiment, it is low priority, and if it causes any operational issues, it will be disabled.

Last modified on 14 Jul 2017, 11:44:30