Erich Eckner <b...@eckner.net> wrote:
>
> I am running a recursive resolver for my local network and was wondering
> whether it is possible (and if so: how) to make it resolve via DNS-over-TLS if
> that's available on the authoritative name servers.

BIND doesn't have any TLS support, and (as you said) it really needs to be
integrated into the resolver in this situation.

You could try the Knot Resolver, which has experimental support

https://knot-resolver.readthedocs.io/en/stable/modules.html#experimental-dns-over-tls-auto-discovery

Unbound can forward queries over TLS but it isn't clear to me whether it
can do opportunistic TLS to authoritative servers.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Plymouth, Biscay, Fitzroy: Variable 3 or 4, becoming northeasterly 5 or 6
later in Plymouth and northwest Fitzroy. Moderate, becoming rough later in
northwest Fitzroy. Occasional rain or drizzle in north. Good, occasionally
poor.