Option to listen for DNS-over-TLS queries

getdnsapi / stubby

Stubby is the name given to a mode of using getdns which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS).

https://dnsprivacy.org/dns_privacy_daemon_-_stubby/

BSD 3-Clause "New" or "Revised" License

1.19k stars 99 forks source link

Option to listen for DNS-over-TLS queries #201

Open triatic opened 5 years ago

triatic commented 5 years ago

Would it be feasible to have Stubby listen for DNS-over-TLS queries as well as send them? That way it could act as a fully-fledged DNS-over-TLS proxy without any additional software.

CameronNemo commented 4 years ago

What is the use case for this? Does unbound not address some of the needs?

triatic commented 4 years ago

Yes, Unbound can do this, as can Knot Resolver. Maybe Stubby could do it too.

CameronNemo commented 4 years ago

Well I do not know how much effort it would be to add such functionality. But I will say that what attracts me to Stubby is that it is a minimal tool designed for the most common use case. For more complicated cases there are alternatives, like the ones you mentioned. I would hope that scope creep does not jeopardize one of stubby's main differentiating factors compared to other resolvers.