Think that MIAB will work towards supporting more cryptographic DNS. I know it already supports DNSSEC; however, since the last major release of MIAB, DNS over HTTPS and DNS over TLS and a few other specifications have been ratified and made mainstream. It would be awesome to have these DNS features on our domains/MIABs.
You can submit a PR to the project. These kinds of changes are usually welcome.
Beyond me how to really integrate this well into this ecosystem. Was just wondering if it was on the horizon.
Mail-in-a-Box is acting as an authoritative DNS server for the domains you’re hosting on it, not as a DNS resolver. So I don’t think it would make sense or is even possible, since DoH and DoT can only be used for connections between DNS clients and DNS resolvers, at least for now.
I think this is no longer correct. Find in page dns-service-key at: https://nsd.docs.nlnetlabs.nl/en/latest/manpages/nsd.conf.html However, this is not in nsd.conf(5) on MiaB, so I suspect MiaB will not be able to support until 22.04.
Indeed, a little searching and looks like MiaB is running version 4.1.19 and the announcement for 4.2.0 includes support for TLS:
Ok. I didn’t know that. Thx for the info.
But after that, I did a little search for Authoritative DNS over TLS or ADoT and couldn’t find a lot of things. I found this 2019 draft, where I don’t think all of the Key Issues and Questions have been conclusively addressed yet. I also found this very technical article from January of 2022, which doesn’t sound very optimistic in its conclusion.
My conclusion: Yes, the technical foundation is implemented in NSD. I even found a tutorial on how to set it up on OpenBSD. My gut tells me though, and others that are more knowledgeable than me may correct me on this, that implementing ADoT in MiaB at this point in time would probably cause more issues than it would solve. Or at least there wouldn’t be any real-life benefits from it just yet.
I’m happy to wait; just wanted to know if it was on the horizon.