Changes between Initial Version and Version 1 of IETF99-DPRIVE


Ignore:
Timestamp:
14 Jul 2017, 11:44:30 (6 months ago)
Author:
warren@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • IETF99-DPRIVE

    v1 v1  
     1== DPRIVE / DNS-over-TLS ==
     2
     3In cooperations with the NOC, Erik Kline and Warren Kumari are running  an '''experimental''' DNS-over-TLS (DPRIVE) service on the IETF 99 network.
     4
     5The objective is to "eat our own dogfood", test, and allow people to gain experience with DPRIVE.
     6
     7This is implemented using stunnel listening on port 853 and proxying DNS queries to the "normal" DNS servers.
     8
     9We are logging the number of packets and bytes being sent to the service, but are not logging the queries / responses themselves.
     10
     11If you are interested in using this, you can use the [https://getdnsapi.net/blog/dns-privacy-daemon-stubby/ Stubby] implementation, and / or a very recent Android Open Source Project build.
     12An example stubby config file is here: [https://raw.githubusercontent.com/wkumari/dprive-nginx-bind/master/stubby_configs/stubby-ietf.conf here]
     13
     14
     15For troubleshooting, talk to Erik Kline or Warren Kumari (warren@kumari.net).
     16
     17More discussion on the general topic DNS privacy topic can be found in the [https://datatracker.ietf.org/wg/dprive/charter/ DPRIVE WG], and will also be discussed in the "DNS, DNSSEC, DNS Privacy" part of the Hackathon.
     18
     19As this is an experiment, it is low priority, and if it causes any operational issues, it will be disabled.