[Pdns-users] Announcing: DNS over HTTPS on doh.powerdns.org
spork at bway.net
Sat Aug 25 19:30:55 UTC 2018
> On Aug 25, 2018, at 6:05 AM, bert hubert <bert.hubert at powerdns.com> wrote:
> Dear PowerDNS people,
> [tl;dr, if you want to do DNS over HTTPs, you can configure
> https://doh.powerdns.org/ in Firefox Nightly . This is built on the
> dnsdist DoH branch . If you are a service provider, we need to hear from
> you: what features do you need from us before you'll consider enabling DNS
> over TLS and DNS over HTTPs for you users]
Not sure what percentage of your ISP users we represent, but our situation probably resembles other small/regional ISPs - started in the dialup era, small but support/MSP-heavy user base leaning towards commercial, sysadmin(s) working on contract. Philosophically, we’d love to just flip a config bit in our two resolvers and offer both DNS over TLS and DoH and tout the privacy benefits to the users who care. I suspect that this is probably more complex than that and involves spending precious admin time researching and vetting. So my really short list:
- The 1-2 hour HOWTO-type document that covers config and monitoring (like is there a check_doh for nagios?)
- A 1 hour FAQ that has a good end-user pitch and something to address how wrapping any kind of TLS handshake and TCP around DNS does not make it noticeably slower for end users than good old UDP
Bway.net - New York's Best Internet www.bway.net
spork at bway.net - 212.982.9800
> But we bet there are more things holding service providers back from
> offering over HTTPS. So our question to you is: what is holding you back
> form offering DNS over TLS and DNS over HTTPS? Is there anything we can do?
> Are there missing features, are you worried about load-balancing or
> performance, anything.
> Please let us know.
> If you want to try dnsdist DoH support yourself, head to:
>  https://github.com/ahupowerdns/pdns/tree/dnsdist-doh
> The configuration statement is:
> addDOHLocal("220.127.116.11:443", "/etc/letsencrypt/live/doh.powerdns.org/fullchain.pem", "/etc/letsencrypt/live/doh.powerdns.org/privkey.pem")
> Good luck!
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
More information about the Pdns-users