Created: 2020-08-19 Wed 09:05
Carsten Strotmann
~ 20 years with Men & Mice
DNS(SEC)/DANE/DHCP/IPv6 trainer and supporter
RIPE/IETF
Do53 = DNS-over-Port53 - classic DNS (UDP/TCP port 53)
DoT = DNS-over-TLS - TLS as the transport for DNS
DoH = DNS-over-HTTPS - HTTPS as the transport for DNS
DoQ = DNS-over-QUIC - QUIC as the transport for DNS
DoC = DNS-over-Cloud - DNS resolution via cloud services (Google, Q9, Cloudflare …)
Quote from RFC 8484:
Operational Considerations […] Filtering or inspection systems that rely on unsecured transport of DNS will not function in a DNS over HTTPS environment due to the confidentiality and integrity protection provided by TLS.
use-application-dns.net.
google.com and youtube.com to determine if the network redirects to them
security.enterprise_roots.enabled preference set to true?
systemd-resolved for some time
unwind
resolver.arpa via classic DNS53
ALT-SVC header
ipv4hint, ipv6hint)
dohuri)
example.com.     IN HTTPSSVC 0 svc.example.net.
svc.example.net. IN HTTPSSVC 2 svc1.example.net. (
                    dohuri=https://doh.example.net/dns-query
                    odohkey="..." )
Questions
Contact: carsten@menandmice.training