TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

When DNS is running as DoH and DoT server, add support for OCSP #679

Closed liang-hiwin closed 1 year ago

liang-hiwin commented 1 year ago

Add support for OCSP. DoH can be implemented through an nginx reverse proxy, but DoT cannot.

This eliminates the need for clients to contact the CA, with the aim of improving both security and performance.

ShreyasZare commented 1 year ago

Thanks for the post. OCSP is an HTTP client feature and thus implementing support for it in the server is not possible.

liang-hiwin commented 1 year ago

> Thanks for the post. OCSP is an HTTP client feature and thus implementing support for it in the server is not possible.

You misunderstood; what I mean is support for OCSP stapling for DNS-over-HTTPS and DNS-over-TLS.

liang-hiwin commented 1 year ago

Here are some examples; you can look at https://dnsdist.org/advanced/ocsp-stapling.html

ShreyasZare commented 1 year ago

> Thanks for the post. OCSP is an HTTP client feature and thus implementing support for it in the server is not possible.

> You misunderstood; what I mean is support for OCSP stapling for DNS-over-HTTPS and DNS-over-TLS.

Ok, thanks for the feature request. There are already code changes coming up in the next release for this issue here. So, will enable OCSP stapling along with it.

liang-hiwin commented 1 year ago

> Thanks for the post. OCSP is an HTTP client feature and thus implementing support for it in the server is not possible.

> You misunderstood; what I mean is support for OCSP stapling for DNS-over-HTTPS and DNS-over-TLS.

> Ok, thanks for the feature request. There are already code changes coming up in the next release for this issue here. So, will enable OCSP stapling along with it.

Hehe, thank you for understanding what I mean.

ShreyasZare commented 1 year ago

Technitium DNS Server v11.4 is now available that enables OCSP stapling. Do update and let me know your feedback.

liang-hiwin commented 1 year ago

> Technitium DNS Server v11.4 is now available that enables OCSP stapling. Do update and let me know your feedback.

Will enabling the following options automatically enable OCSP? Enable DNS-over-TLS, Enable DNS-over-HTTPS

ShreyasZare commented 1 year ago

> Will enabling the following options automatically enable OCSP? Enable DNS-over-TLS, Enable DNS-over-HTTPS

Yes, as per the Microsoft documentation, the server will send OCSP details.
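A way to verify the last point from the client side, added here as an example and not part of the thread or of the Technitium code base: `openssl s_client -status` asks the server for a stapled OCSP response during the TLS handshake and prints whatever comes back. The script below classifies that output. The hostname is a placeholder, and the sample outputs are constructed to mirror the shape of openssl's output rather than captured from any real server.

```shell
# Added example (not Technitium code): classify the OCSP-stapling status of a
# DoT or DoH endpoint from the output of `openssl s_client -status`.
# Sample outputs below are constructed, not captured from a live server.

# Classify captured `openssl s_client -status` output.
# Prints exactly one of: stapled-good, stapled-revoked, stapled-unknown,
# no-staple, error
classify_ocsp_output() {
    out="$1"
    # openssl prints this line when the server sent no status_request response
    if printf '%s\n' "$out" | grep -q 'OCSP response: no response sent'; then
        echo no-staple
        return 0
    fi
    # A stapled response was present; report what the responder said about the cert
    if printf '%s\n' "$out" | grep -q 'OCSP Response Status: successful'; then
        case "$out" in
            *'Cert Status: good'*)    echo stapled-good ;;
            *'Cert Status: revoked'*) echo stapled-revoked ;;
            *)                        echo stapled-unknown ;;
        esac
        return 0
    fi
    # Handshake failed or the output carried no OCSP section at all
    echo error
    return 1
}

# Probe a live endpoint. DoT listens on 853 by default, DoH on 443.
# Needs network access; "dns.example.net" is a placeholder hostname.
check_stapling() {
    host="$1"
    port="${2:-853}"
    out=$(openssl s_client -connect "$host:$port" -servername "$host" -status </dev/null 2>/dev/null)
    classify_ocsp_output "$out"
}

# Constructed sample: a stapled response saying the certificate is good (abridged).
sample_stapled_good() {
    cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT
    Next Update: Jan  8 00:00:00 2024 GMT
======================================
EOF
}

# Constructed sample: a stapled response saying the certificate is revoked (abridged).
sample_stapled_revoked() {
    cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: revoked
    Revocation Time: Jan  2 00:00:00 2024 GMT
======================================
EOF
}

# Constructed sample: the server did not staple anything.
sample_no_staple() {
    cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
EOF
}

# Usage (requires network):  check_stapling dns.example.net 853
```

Run `check_stapling <host> 853` for DoT and `check_stapling <host> 443` for DoH; stapling is negotiated at the TLS layer, so the same check applies to both. A result of `no-staple` on a server that is supposed to staple usually means the server has not yet fetched a response from the CA's responder, or the certificate chain has no OCSP responder URL to fetch from, so it is worth re-checking after the server has been up for a few minutes.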