DOH or DOT Forwarder in BIND and is DOH GA?

Manish Rane manishr78 at gmail.com
Mon Jun 14 01:59:50 UTC 2021


I completely agree with you and both are different.

However I resolved the issue on my Ubuntu with stubby daemon and wondering
if anyone is aware similar service?
--------------------------------------------------------------------------
Thanks and Regards,
Manish R


On Mon, Jun 14, 2021 at 1:57 AM Tony Finch <dot at dotat.at> wrote:

> Walter H. via bind-users <bind-users at lists.isc.org> wrote:
> >
> > DOH/DOT is dead;
> >
> > use DNSSEC instead and no troubles;
>
> No.
>
> DNSSEC is about data integrity. It allows me to host my zones with a
> collection of semi-trusted third parties without having to worry about
> them changing my DNS records. It allows clients to be sure they got the
> correct data when querying my zones. But DNSSEC does not provide any
> confidentiality, and it doesn't protect the protocol parts of DNS packets
> such as the RCODE and the EDNS options.
>
> DoH and DoT are the opposite. They provide better confidentiality
> (network middleboxes can't see your queries) and better transport
> integrity (active attackers can't mess with things like EDNS options), but
> they don't authenticate the contents of DNS records.
>
> It is wrong to say that one is better than the other: they are orthogonal.
> It's good to deploy either of them, and better to deploy both.
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  https://dotat.at/
> Viking, North Utsire: Southwesterly, veering westerly later, 4 to 6.
> Moderate, occasionally rough later. Rain, showers later. Good,
> occasionally poor.
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210614/9ce97ba7/attachment.htm>


More information about the bind-users mailing list