Maintained by: NLnet Labs

[Unbound-users] DNSSEC and traffic encryption questions

Tony Finch
Mon Feb 24 13:50:18 CET 2014


W.C.A. Wijngaards <wouter at nlnetlabs.nl> wrote:
> On 02/24/2014 12:37 PM, Beeblebrox wrote:
> >
> > * Unbound does not support encryption natively (from own code
> > base) AFAIK. I have come across two methods to encrypt DNS traffic:
> > TOR and DNSCrypt. Are there any other alternatives?
>
> You would need answers from other member of this mailing list for
> that.  ssl-upstream is one option, but it needs an upstream resolver
> that performs this weird style of encryption (i.e. another unbound).

The same is true for DNScrypt, and Tor is sort-of analogous.

There is not currently any common way to encrypt DNS. There is going
to be a discussion at the London IETF meeting next week about possible
approaches, but it is still very early days.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
FitzRoy, Sole: Westerly or southwesterly, backing southerly for a time, 5 to
7, increasing gale 8 to storm 10 for a time. Very rough, becoming high or very
high. Rain or squally showers. Moderate or good, occasionally poor.