Hello *,

Core Update 154 (testing, see: https://blog.ipfire.org/post/ipfire-2-25-core-update-154-available-for-testi...) is running here for a couple of weeks by now without any known issues so far - sorry for my tardy report.

As expected, Unbound is now reusing TCP and TLS connections, making huge improvements of resolution times for machines using something else than UDP for querying DNS resolvers. Except for a initial delay, DoT does not introduce any significant performance impact anymore. Upcoming Unbound version will support padding of DNS over TLS traffic, making guessing queried FQDNs even harder to passive adversaries.

In a rather gloomy world in terms of privacy, I guess that is good news. :-)

Tested IPFire functionalities in detail: - IPsec (N2N connections only) - Squid (authentication enabled, using an upstream proxy) - OpenVPN (RW connections only) - IPS/Suricata (with Emerging Threats community ruleset enabled) - Guardian - Quality of Service - DNS (using DNS over TLS and strict QNAME minimisation) - Dynamic DNS - Tor (relay mode)

I look forward to the release of Core Update 154.

Thanks, and best regards, Peter Müller