| | 1 | == DPRIVE / DNS-over-TLS == |
| | 2 | |
| | 3 | In cooperations with the NOC, Erik Kline and Warren Kumari are running an '''experimental''' DNS-over-TLS (DPRIVE) service on the IETF 99 network. |
| | 4 | |
| | 5 | The objective is to "eat our own dogfood", test, and allow people to gain experience with DPRIVE. |
| | 6 | |
| | 7 | This is implemented using stunnel listening on port 853 and proxying DNS queries to the "normal" DNS servers. |
| | 8 | |
| | 9 | We are logging the number of packets and bytes being sent to the service, but are not logging the queries / responses themselves. |
| | 10 | |
| | 11 | If you are interested in using this, you can use the [https://getdnsapi.net/blog/dns-privacy-daemon-stubby/ Stubby] implementation, and / or a very recent Android Open Source Project build. |
| | 12 | An example stubby config file is here: [https://raw.githubusercontent.com/wkumari/dprive-nginx-bind/master/stubby_configs/stubby-ietf.conf here] |
| | 13 | |
| | 14 | |
| | 15 | For troubleshooting, talk to Erik Kline or Warren Kumari (warren@kumari.net). |
| | 16 | |
| | 17 | More discussion on the general topic DNS privacy topic can be found in the [https://datatracker.ietf.org/wg/dprive/charter/ DPRIVE WG], and will also be discussed in the "DNS, DNSSEC, DNS Privacy" part of the Hackathon. |
| | 18 | |
| | 19 | As this is an experiment, it is low priority, and if it causes any operational issues, it will be disabled. |
