All,

DNS over TLS offers the ability to perform DNS queries over a TLS-secured 
channel. In my understanding, DNS over TLS is not yet available in all 
operating systems, but operating system support could become common in the future.

Many applications rely on operating system APIs to access DNS services. As 
native support for DNS over TLS rolls out into operating systems, it seems 
likely that some applications will wish to control the security policy that the 
operating system applies when it performs DNS resolution. For example, the 
application may wish to require that the operating system uses an encrypted DNS 
protocol.

Today, most operating systems use the getaddrinfo() function described in 
RFC3493 as the basis of their API for translating DNS names to IP addresses, 
but this does not have security policy attributes. Is anyone aware of any 
activity to enhance the RFC3493 work to add application control of security 
policy to the getaddrinfo() capabilities?

Unless operating systems support secure DNS standards and expose APIs that allow 
applications to use them effectively, applications that require secure DNS 
have little choice other than to roll their own implementations.


Thanks

Iain


_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy