ISC receives Mozilla Award for Development of Foundational Technology

The Mozilla Open Source Software award will underwrite the cost of adding DNS over HTTPS to BIND 9 to make this new technology more widely available.

Under the terms of the award, a DoH implementation will be included in the free open source BIND 9 code, released under the MPL 2.0 license.

What is DoH?

DNS over HTTPS is a new RFC (https://tools.ietf.org/html/rfc8484) from the IETF, published in October 2018, that gives web applications access to DNS information via existing browser APIs. ISC has been always committed to implementing DNS standards to give DNS users and operators a choice about where, how, and when they want to deploy them. It is part of our mission to offer the DNS ecosystem more choices.

DoH and DoT

DoH and another proposed standard, DNS over TLS (aka DOT) each provide some protection from on-the-wire snooping of DNS information. ISC has announced it will develop support for both DoH and DoT in 2020, so that operators and researchers can evaluate and assess both of these new encrypted transport options.

Timeline

The MOSS award to ISC spans a 12-month development period. The first milestone is completion of some refactoring in BIND 9 to modernize the networking stack, which will support the development of alternative transport for DNS. ISC will publish a DoH design document by the end of April 2020, in the public BIND 9 development wiki. Then, by the end of June, ISC will publish code for a client implementation (e.g. in the dig and delv utilities). The complete implementation will be available in the master development branch in October 2020. Finally, ISC will backport DoH to the long term support branch, 9.16, before the end of 2020 to provide widespread access to the new feature.

Recent Posts

What's New from ISC

Encrypted DNS: Why all the drama about DOH?

Two years ago, interest in DNS Encryption was lukewarm… In May of 2018, ISC did a survey asking our users about their interest in deploying various DNS privacy measures, including both QNAME minimization and encryption (DNS over HTTP or DoH and DNS over TLS or DoT).

Read post