DOH or DOT Forwarder in BIND and is DOH GA?
Walter H.
Walter.H at mathemainzel.info
Sat Jun 12 13:21:40 UTC 2021
On 12.06.2021 14:24, Richard T.A. Neal wrote:
>
> Mainsh – I haven’t done any experimenting with DOT, but there’s a
> guide for configuring DOH at the following page. It requires BIND
> 9.17.10 or higher (DOH isn’t being backported to BIND 9.16):
> https://www.isc.org/blogs/doh-talkdns/
>
> Walter – I’m not sure why you’d say DOH/DOT is dead and to instead use
> DNSSEC. DOH/DOT and DNSSEC are two completely different things meant
> for two completely different DNS functions – there is no overlap.
>
Short explanation:
the requirement for using DOH is to allow HTTPS requests with a Host of
just an IP, which you would rather block;
and for both DOT and DOH it is SSL certificates with an IP address in
the SAN, which you would also rather reject;
and the overlap you don't see is the reason why one would use DOT or DOH.