DNS-over-TLS using stubby
I've been reading about the various DNS privacy extensions recently, in particular DNS-over-HTTPS and DNS-over-TLS. I have my reservations about the former, but the latter using transport layer security piqued my interest and I decided to look for a solution which would work on OpenBSD and be fairly easy to implement.
GetDNS https://getdnsapi.net/releases/ seemed to fit the bill. This is how I got a working DNS-over-TLS stub resolver working on OpenBSD 6.6 stable:
Pull the latest release of getdns from the above site. Stubby is included in the source. Read the README! Some prerequisites are needed: libunbound, libidn2, libtool, autoconf, the GNU toolchain, libgnutls, GNU make.
The following 'configure' command worked for me:
Code:
./configure --with-stubby --with-gnutls --with-nettle --disable-ecdsa
How to use it. To test it, start stubby like so:
Code:
# stubby -g -l > /tmp/stubby.log
Code:
% dig @::1 openbsd.org
__________________
dc -e '[q]sa[ln0=aln256%Pln256/snlbx]sb12247225403800449909543746snlbxq'
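A check that complements the `dig` test in the post above (added example, not part of the original post): classify `tcpdump -n` output to see whether DNS leaves the host as DNS-over-TLS on TCP 853 or still in plaintext on port 53. The sample lines, addresses, interface name and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that DNS leaves this host only as DNS-over-TLS.
# Feed it `tcpdump -n` lines, e.g. from
#   tcpdump -n -i em0 'port 53 or port 853'   (em0 is an assumed interface)

# Constructed sample capture using documentation addresses only.
sample_capture() {
cat <<'EOF'
12:00:01.000001 192.0.2.10.40112 > 198.51.100.53.853: P 1:130(129) ack 1 win 256
12:00:01.020002 198.51.100.53.853 > 192.0.2.10.40112: P 1:210(209) ack 130 win 271
12:00:02.000003 192.0.2.10.31544 > 198.51.100.1.53: 4242+ A? openbsd.org. (29)
12:00:02.010004 198.51.100.1.53 > 192.0.2.10.31544: 4242 1/0/0 A 203.0.113.5 (45)
12:00:03.000005 192.0.2.10.40113 > 198.51.100.53.853: P 1:130(129) ack 1 win 256
12:00:04.000006 192.0.2.10.50000 > 203.0.113.80.443: P 1:518(517) ack 1 win 256
EOF
}

# Print "<plaintext> <dot>": packets this host sent to port 53 and to 853.
# $1 = this host's address as tcpdump prints it (assumed single address).
count_dns_egress() {
    awk -v me="$1" '
    {
        src = $2; dst = $4            # "addr.port" and "addr.port:"
        sub(/:$/, "", dst)
        dport = dst
        sub(/^.*\./, "", dport)       # text after the last dot is the port
        sub(/\.[^.]*$/, "", src)      # drop the port, keep the address
        if (src != me) next           # only traffic we originate
        if (dport == "53")  plain++
        if (dport == "853") dot++
    }
    END { printf "%d %d\n", plain, dot }'
}

# Succeeds only when DoT traffic was seen and no plaintext DNS was.
dns_egress_is_private() {
    set -- $(count_dns_egress "$1")
    [ "$1" -eq 0 ] && [ "$2" -gt 0 ]
}

sample_capture | count_dns_egress 192.0.2.10   # prints: 1 2
```

A non-zero first number means some process is still sending queries to a plaintext resolver instead of going through stubby.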
Yes, a stub can query a DNS server with DoT, like un(bou|wi)nd, and the same goes for DNSSEC.
And perhaps, in the future, it will requery on DoH.
Question: why attempt to build, install and compile this tool rather than use unwind, in the base system by default, or unbound, available as a package?! Just for fun, to try and test?
----
Quote:
(you just need IPv4 and IPv6 addresses)
----
For all French readers, read my article; into EN
Last edited by CiotBSD; 29th December 2019 at 10:59 PM.