Hi Michael,
Am Montag, den 10.12.2018, 00:21 +0000 schrieb Michael Tremer:
I did not understand what the news is here,
the main news for me was that i´ ve build knot (kdig) and a deeper look into the whole DNS-over-TLS subject and a debugging in general of DoT is now better possible. The next news was that i wrote a script which checks the configured DoT servers via kdig for a better overview which servers are reliable. Since i do not use Quad9 nor Cloudflair which are currently the only one to my knowledge that are not outlined as not experimental) --> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Public+Resolvers public resolvers i wanted to check what´s going on with all the experimental ones --> https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers#DNSPrivacyTe... therefor this step was important for me and i decided to share it here with you.
Have update also the DoT configuration file to now 12 DNS test servers which worked now since ~ 2 weeks without problems. Needed also to throw some others out which causes problems since some certificate where not trustworthy or DNSSEC validation doesn´t worked.
May you ask yourself why on earth 12 DNS servers ? Well, another testing field for me is not only encryption in that topic but also randomization --> https://www.monperrus.net/martin/randomization-encryption-dns-requests --> https://www.ctrl.blog/entry/kresd-random-dns-forwarding which unbound offers via 'rrset-roundrobin: yes' as a default value on IPFire but along my testings i could figure out that it only works with DoT not with regular DNS, for reference test see here --> https://forum.ipfire.org/viewtopic.php?f=6&t=21866#p120276
This are currently my main news, but there is more which i wrote in the forum but also on Gitlab in the README.
but please try to keep the conversation on the list when it has started there. I do not regularly read the forums.
Yes i know and will do this too but as ever i try to invite the community also via forum to go for testings/sharing_information which, also as usual, do not works very well.
Best,
Erik
-Michael
On 9 Dec 2018, at 20:08, ummeegge ummeegge@ipfire.org wrote:
Hi all, some news in this topic can be found in here --> https://forum.ipfire.org/viewtopic.php?f=50&p=120997#p120997
Best,
Erik