I actually have some DNS-over-TLS measurements being collected via the RIPE Atlas probes. I hope to have some data to present in Montreal.
Brian On 6/16/18 5:00 AM, Ramanou BIAOU wrote: > Thanks Stephane > > That's very good news. > This will allow us to enrich our various tests with Atlas probes. > > Ramanou > > 2018-06-16 10:18 GMT+02:00 Stephane Bortzmeyer <[email protected]>: > >> The RIPE Atlas probes, really useful for testing Internet servers from >> several vantage points, can now do DNS-over-TLS. >> >> Starting with version 1.1.4, the blaeu program (article in >> <https://labs.ripe.net/Members/stephane_bortzmeyer/ >> creating-ripe-atlas-one-off-measurements-with-blaeu>, >> source code and issue tracker in >> <https://framagit.org/bortzmeyer/blaeu>) can exploit this feature: >> >> Without TLS: >> >> % blaeu-resolve --nameserver 9.9.9.9 --displayrtt www.ietf.org >> Nameserver 9.9.9.9 >> [2400:cb00:2048:1::6814:155 2400:cb00:2048:1::6814:55] : 5 occurrences >> Average RTT 298 ms >> Test #14440420 done at 2018-06-16T07:10:53Z >> >> With TLS, on the same Atlas probes (note the different RTT): >> >> % blaeu-resolve --nameserver 9.9.9.9 --displayrtt --tls --old_measurement >> 14440420 www.ietf.org >> Nameserver 9.9.9.9 >> [2400:cb00:2048:1::6814:155 2400:cb00:2048:1::6814:55] : 5 occurrences >> Average RTT 2806 ms >> Test #14440421 done at 2018-06-16T07:14:05Z >> >> Unfortunately, the current TLS client in the Atlas probes is a bit old >> and does not work with servers which require the very latest TLS >> options/ciphers/etc: >> >> % blaeu-resolve --nameserver 1.1.1.1 --displayrtt --tls www.ietf.org >> Nameserver 1.1.1.1 >> [TUCONNECT (may be a TLS negotiation error)] : 5 occurrences Average RTT 0 >> ms >> Test #14440463 done at 2018-06-16T07:17:06Z >> >> And of course if the server has no TLS available, it fails: >> >> % blaeu-resolve --nameserver 8.8.8.8 --displayrtt --tls www.ietf.org >> Nameserver 8.8.8.8 >> [TIMEOUT] : 5 occurrences Average RTT 0 ms >> Test #14440464 done at 2018-06-16T07:17:54Z >> >> >> _______________________________________________ >> dns-privacy mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dns-privacy >> > > > > > > _______________________________________________ > dns-privacy mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dns-privacy >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
