| 1 | == DPRIVE / DNS-over-TLS == |
| 2 | |
| 3 | In cooperation with the NOC, Erik Kline and Warren Kumari are running an '''experimental''' DNS-over-TLS (DPRIVE) service on the IETF 99 network. |
| 4 | |
| 5 | The objective is to "eat our own dogfood", test, and allow people to gain experience with DPRIVE. |
| 6 | |
| 7 | This is implemented using stunnel listening on port 853 and proxying DNS queries to the "normal" DNS servers. |
| 8 | |
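A minimal client for checking a DNS-over-TLS listener such as the one described above, as an added example (not the operators' code). stunnel hands the decrypted stream to the resolver as DNS over TCP, so every message carries a 2-byte length prefix. The server address and TLS name are parameters because this page does not list them; all function names are hypothetical.

```python
import socket
import ssl
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(message):
    """Prefix a DNS message with its 2-byte big-endian length (TCP/TLS framing)."""
    return struct.pack("!H", len(message)) + message

def unframe(stream):
    """Return (message, rest), or (None, stream) while the message is incomplete."""
    if len(stream) < 2:
        return None, stream
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        return None, stream
    return stream[2:2 + length], stream[2 + length:]

def summarize(message):
    """Extract transaction id, response bit, RCODE and answer count from the header."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": answers}

def query_dot(server, tls_name, name, port=853, timeout=5.0):
    """Send one A query over TLS; the certificate is verified against tls_name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((server, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=tls_name) as tls:
            # Length prefix and message go out in a single write.
            tls.sendall(frame(build_query(name)))
            buf = b""
            while True:
                message, buf = unframe(buf)
                if message is not None:
                    return summarize(message)
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("connection closed before a full response")
                buf += chunk
```

`query_dot` fails with an `ssl.SSLError` when the listener's certificate does not validate for `tls_name`, which distinguishes a TLS problem from a resolver problem behind the proxy.
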
| 9 | We are logging the number of packets and bytes being sent to the service, but are not logging the queries / responses themselves. |
| 10 | |
| 11 | If you are interested in using this, you can use the [https://getdnsapi.net/blog/dns-privacy-daemon-stubby/ Stubby] implementation, and / or a very recent Android Open Source Project build. |
| 12 | An example Stubby config file is [https://raw.githubusercontent.com/wkumari/dprive-nginx-bind/master/stubby_configs/stubby-ietf.conf here]. |
| 13 | |
| 14 | |
| 15 | For troubleshooting, talk to Erik Kline or Warren Kumari (warren@kumari.net). |
| 16 | |
| 17 | More discussion on the general topic of DNS privacy can be found in the [https://datatracker.ietf.org/wg/dprive/charter/ DPRIVE WG], and it will also be discussed in the "DNS, DNSSEC, DNS Privacy" part of the Hackathon. |
| 18 | |
| 19 | As this is an experiment, it is low priority, and if it causes any operational issues, it will be disabled. |