On Thu, May 17, 2018 at 03:51:12PM -0400, James Cloos wrote: > Has any work been done on adding support for dns/tls on port 853 to the > auth server? > > It should be done in the server itself, so that eg statistics in the > webserver remain accurate and because more daemons are additional points > of failure.
Hi Jim - we respectfully do not agree with this assessment. We have a great DNS over TLS implementation in dnsdist, and we don't feel the need to burden the PowerDNS Authoritative Server with that. dnsdist also offers pretty good statistics, and can forward the original IP address to the backend. Incidentally, the dnsdist implementation has just been benchmarked & the results were presented at RIPE yesterday, it came out pretty well. https://ripe76.ripe.net/presentations/92-RIPE76_DNS_Privacy_measurements.pdf Bert _______________________________________________ Pdns-dev mailing list Pdns-dev@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-dev
