[Dnsmasq-discuss] Feature Request: DNS over TLS or HTTPS
Curzon Dax
curzondax at protonmail.com
Mon Feb 27 18:06:35 UTC 2023
Greetings,
I checked through the last 1-2 years of the mailing list, and I hadn't seen anything regarding DoT/DoH. If this has come up before and I missed it, apologies in advance.
Thought I'd add a feature request for DNS over TLS or DNS over HTTPS when dnsmasq is used as a DNS forwarder.
BIND is about to implement this in the next version, and I believe Windows DNS is the last to the party among the other major DNS recursors/forwarders.
I realize that this could add considerable size, scope, and complexity to something which is inherently light weight and used on a lot of embedded devices with very minimal storage. Perhaps something optional at build time to avoid bundling large libraries/dependencies. embed-TLS could be something to look at to ensure this feature could be built on very-low-storage, embedded devices.
I know that many embedded devices (modems/routers) have some form of an SSL library already, as many offer admin control over https://.
If there is interest by the developers/maintainers, perhaps we could make a call for financial support from the major recursive providers (Google, Quad9, Cloudflare, etc). I know a few of the DNS folks at these organizations, and while I'm not making any promises or claims, it's something I'd be happy to reach out to them about.
Thanks in advance.
-Curzon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230227/d27592e8/attachment.htm>
More information about the Dnsmasq-discuss
mailing list