
WIP: DNS over TLS and TCP out-of-order processing

Jan Včelák requested to merge tls-listen into master

close #49 (closed)

Testing

# Generate ephemeral keys and update config
openssl genrsa -out dns.key 1024
openssl req -new -key dns.key -out dns.crt -x509
cat >> config << EOF
net.tls_cert("dns.crt")
net.tls_key("dns.key")
net.listen('127.0.0.1', 6668, {tls=true})
EOF

# Start the server
./daemon/kresd -k root.keys

# <compile ldns drill with patches> ... https://portal.sinodun.com/wiki/display/TDNS/DNS-over-TLS+clients
# on OS X
brew install openssl
./configure --prefix=$HOME/.local --with-drill --with-ssl=/usr/local/opt/openssl --with-tls=/usr/local/opt/openssl/lib
make -j4 && make install

# Test with drill
~/.local/bin/drill -l -P -p 6668 . @127.0.0.1 NS
