[Pdns-dev] dns/tls for auth

bert hubert bert.hubert at powerdns.com
Thu May 17 21:00:19 UTC 2018


On Thu, May 17, 2018 at 03:51:12PM -0400, James Cloos wrote:
> Has any work been done on adding support for dns/tls on port 853 to the
> auth server?
> 
> It should be done in the server itself, so that e.g. statistics in the
> webserver remain accurate and because more daemons are additional points
> of failure.

Hi Jim - we respectfully do not agree with this assessment. We have a great
DNS over TLS implementation in dnsdist, and we don't feel the need to burden
the PowerDNS Authoritative Server with that. dnsdist also offers pretty good
statistics, and can forward the original IP address to the backend.

Incidentally, the dnsdist implementation has just been benchmarked & the
results were presented at RIPE yesterday; it came out pretty well.

https://ripe76.ripe.net/presentations/92-RIPE76_DNS_Privacy_measurements.pdf

	Bert

