Hello,

we run DoH and DoT resolvers where dnsdist
terminates the TLS connection and forwards queries via
plain UDP/53 to multiple unbound instances.

stub --(DoH or DoT)-> dnsdist -(Do53)-> unbound

dnsdist does not support padding [1].

Unbound's documentation [2]:
       pad-responses: <yes or no>
              If  enabled, TLS serviced queries that contained an EDNS Padding
              option will cause responses padded to the  closest  multiple  of
              the size specified in pad-responses-block-size.  Default is yes.

suggests that it only supports padding on TLS connections.

Is it possible to enable padding in unbound also in cases where unbound does not speak TLS itself?

thanks,
Christoph



[1] https://github.com/PowerDNS/pdns/issues/10018
[2] https://nlnetlabs.nl/documentation/unbound/unbound.conf/
