advance features of BIND DoT and DoH

Wed Aug 11 06:07:12 UTC 2021

On Wed, Aug 11, 2021 at 10:04 AM Divya <divya.p at nic.in> wrote:

>
> Dear Admin,
>
> Has anybody implemented  advance features of BIND DoT and DoH, Kindly help
> me to configure DoT and DoH in DNS with BIND 9.17.16+CentOS  7.9.
>

Hello Divya,

For DoH, please have a look at the following page[1] and BIND9
documentation[2] and for DoT[3]

[1]: https://www.isc.org/blogs/bind-implements-doh-2021/
[2]:
https://bind9.readthedocs.io/en/latest/reference.html?highlight=DoH#http-statement-definition-and-usage
[3]: https://kb.isc.org/docs/aa-01386

>
> With Regards
> Divya
>
> ----- Original Message -----
> From: "Ondřej Surý" <ondrej at isc.org>
> To: "klaus darilion" <klaus.darilion at nic.at>
> Cc: bind-users at lists.isc.org
> Sent: Monday, August 9, 2021 10:48:54 PM
> Subject: Re: Does BIND supports ANAME RR
>
> No, and there’s no strong usercase for that. The ANAME was wrong on every
> level from the protocol perspective and I am glad it is gone.
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not
> feel obligated to reply outside your normal working hours.
>
> > On 9. 8. 2021, at 17:23, Klaus Darilion via bind-users <
> bind-users at lists.isc.org> wrote:
> >
> > Does every application that uses gethostbyname have a benefit of
> HTTPS/SVCB? That is what I meant.
> > regards
> > Klaus
> >
> >> -----Ursprüngliche Nachricht-----
> >> Von: Mark Andrews <marka at isc.org>
> >> Gesendet: Montag, 9. August 2021 15:55
> >> An: Klaus Darilion <klaus.darilion at nic.at>
> >> Cc: Evan Hunt <each at isc.org>; Gaurav Kansal <gaurav.kansal at nic.in>;
> bind-
> >> users at lists.isc.org
> >> Betreff: Re: Does BIND supports ANAME RR
> >>
> >> Every resolver on the planet already supports HTTPS and SVCB.  Every
> >> authoritative server on the planet already supports HTTPS and SVCB via
> >> unknown record format. iOS is already making HTTPS queries for every
> >> webpage. I believe other browsers also make HTTPS queries today. Go look
> >> at your DNS traffic.
> >>
> >> The MR mentioned earlier allows named and the other tools to load and
> >> display the records in presentation format and to do the additional
> section
> >> processing.  None of that it required to be able to return these
> records.   It
> >> just makes it easier.
> >>
> >> Just about all the other DNS vendors also have code that can read and
> >> display presentation format.
> >>
> >> ANAME is dead.
> >> --
> >> Mark Andrews
> >>
> >>> On 9 Aug 2021, at 21:53, Klaus Darilion via bind-users <bind-
> >> users at lists.isc.org> wrote:
> >>>
> >>>
> >>>>
> >>>> -----Ursprüngliche Nachricht-----
> >>>> Von: bind-users <bind-users-bounces at lists.isc.org> Im Auftrag von
> Evan
> >>>> Hunt
> >>>> Gesendet: Samstag, 7. August 2021 20:21
> >>>> An: Gaurav Kansal <gaurav.kansal at nic.in>
> >>>> Cc: bind-users at lists.isc.org
> >>>> Betreff: Re: Does BIND supports ANAME RR
> >>>>
> >>>>>> On Sat, Aug 07, 2021 at 11:05:51PM +0530, Gaurav Kansal wrote:
> >>>>>> I need the help in figuring out whether BIND supports ANAME ? If
> yes,
> >>>>>> then from which version on wards ?
> >>>>>
> >>>>> No, it doesn't. The effort to standardize ANAME stalled, and I doubt
> >>>>> it'll be coming back.
> >>>>>
> >>>>> The new HTTPS and SVCB records look like a better approach anyway.
> >>>>> BIND will have support for those pretty soon.
> >>>
> >>> But honestly SVCB will not solve the ANAME problem. I will take years
> until
> >> all resolvers/client would support SVCB whereas ANAME would be
> >> implemented in the authoritative name server and hence would work for
> >> every client/resolver as client/resolver never sees the ANAME but only
> the
> >> A/AAAA record.
> >>>
> >>> regards
> >>> Klaus
> >>> _______________________________________________
> >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe
> >> from this list
> >>>
> >>> ISC funds the development of this software with paid support
> >> subscriptions. Contact us at https://www.isc.org/contact/ for more
> >> information.
> >>>
> >>>
> >>> bind-users mailing list
> >>> bind-users at lists.isc.org
> >>> https://lists.isc.org/mailman/listinfo/bind-users
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> >
> > ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
> >
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

-- 
Best,
Swapneel
https://brainattic.in/blog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210811/0629cef0/attachment-0001.htm>