DOH or DOT Forwarder in BIND and is DOH GA?

Manish Rane manishr78 at
Mon Jun 14 01:59:50 UTC 2021

I completely agree with you and both are different.

However I resolved the issue on my Ubuntu with stubby daemon and wondering
if anyone is aware similar service?
Thanks and Regards,
Manish R

On Mon, Jun 14, 2021 at 1:57 AM Tony Finch <dot at> wrote:

> Walter H. via bind-users <bind-users at> wrote:
> >
> > DOH/DOT is dead;
> >
> > use DNSSEC instead and no troubles;
> No.
> DNSSEC is about data integrity. It allows me to host my zones with a
> collection of semi-trusted third parties without having to worry about
> them changing my DNS records. It allows clients to be sure they got the
> correct data when querying my zones. But DNSSEC does not provide any
> confidentiality, and it doesn't protect the protocol parts of DNS packets
> such as the RCODE and the EDNS options.
> DoH and DoT are the opposite. They provide better confidentiality
> (network middleboxes can't see your queries) and better transport
> integrity (active attackers can't mess with things like EDNS options), but
> they don't authenticate the contents of DNS records.
> It is wrong to say that one is better than the other: they are orthogonal.
> It's good to deploy either of them, and better to deploy both.
> Tony.
> --
> f.anthony.n.finch  <dot at>
> Viking, North Utsire: Southwesterly, veering westerly later, 4 to 6.
> Moderate, occasionally rough later. Rain, showers later. Good,
> occasionally poor.
> _______________________________________________
> Please visit to
> unsubscribe from this list
> ISC funds the development of this software with paid support
> subscriptions. Contact us at for more
> information.
> bind-users mailing list
> bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list