getdnsapi / stubby

Stubby is the name given to a mode of using getdns which enables it to act as a local DNS Privacy stub resolver (using DNS-over-TLS).
https://dnsprivacy.org/dns_privacy_daemon_-_stubby/
BSD 3-Clause "New" or "Revised" License

Stubby issues in Raspberry Pi board. #229

Open jpcleona opened 4 years ago

jpcleona commented 4 years ago

I have downloaded the "getdns-1.6.0-beta.1" from GitHub. I have created recipe files and compiled dependent libraries in the RDK-B stack.

The "getdns-1.6.0-beta.1" component is added as part of the RDK-B image.

I have loaded the image onto the Raspberry Pi board.

We are using the tshark tool to capture the packets.

We are unable to differentiate whether stubby is encrypting the packets or other DNS resolvers are encrypting by default.

I'm not sure about the entry point for the getdns component code after enabling stubby.

Please clarify if anyone knows more on the same.

Thanks & Regards, Cleona.

wtoorop commented 4 years ago

DNS-over-TLS (DoT) (as implemented in getdns/stubby) is over port 853 (by default) and looks like regular TLS data. Both stubby and the DoT resolvers you are contacting are encrypting their traffic by default if you set up DoT sessions with stubby.

Stubby is a daemon (running process) reading a config file from which to configure a getdns_context, which is subsequently used for listening for and sending out DNS requests. Stubby's role is to interface with the OS and act as much as possible as a system component responsible for resolution for that OS.
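One way to answer the question from a capture, as an added example that is not part of the original thread or of the getdns/stubby code: classify DNS-related packets by destination and port, so that plaintext port 53 traffic leaving the host stands out from DoT on port 853. It assumes tshark output produced with `-T fields -e ip.dst -e udp.dstport -e tcp.dstport`, stubby listening on a loopback address, and IPv4 only; the sample rows and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample rows (tab-separated): ip.dst, udp.dstport, tcp.dstport.
# Capture on all interfaces, loopback included, to see the local stub queries.
SAMPLE = (
    "127.0.0.1\t53\t\n"      # application -> local stub, plaintext on loopback
    "127.0.0.1\t53\t\n"
    "192.0.2.53\t\t853\n"    # stub -> upstream resolver over TCP/853 (DoT)
    "192.0.2.53\t\t853\n"
    "198.51.100.1\t53\t\n"   # plaintext DNS leaving the host: bypasses the stub
)

def classify(dst, udp_port, tcp_port):
    """Label one packet by where it goes and on which port."""
    addr = ipaddress.ip_address(dst)
    if tcp_port == "853":
        return "dot-upstream"
    if "53" in (udp_port, tcp_port):
        # Port 53 is expected only between applications and the local stub.
        return "local-stub" if addr.is_loopback else "plaintext-leak"
    return "other"

def summarize(capture_text):
    """Return (Counter of labels, set of off-host plaintext DNS destinations)."""
    counts, leaks = Counter(), set()
    for line in capture_text.splitlines():
        fields = (line.split("\t") + ["", "", ""])[:3]
        dst, udp_port, tcp_port = (f.strip() for f in fields)
        if not dst:
            continue  # row without an IPv4 destination (ARP, IPv6, ...)
        label = classify(dst, udp_port, tcp_port)
        counts[label] += 1
        if label == "plaintext-leak":
            leaks.add(dst)
    return counts, leaks

if __name__ == "__main__":
    counts, leaks = summarize(SAMPLE)
    print(dict(counts))
    print("plaintext DNS sent off-host to:", sorted(leaks) or "none")
```

An empty leak set together with a non-zero `dot-upstream` count indicates that queries are reaching the upstream over port 853; any address in the leak set means some resolver on the host is still sending plaintext DNS around stubby.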