I suppose it could also be implemented with DTLS [0] over UDP [1]. (Checking Wik... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

ademarre on Sept 16, 2016 | parent | context | favorite | on: Show HN: dingo - a Google DNS-over-HTTPS caching p...

I suppose it could also be implemented with DTLS [0] over UDP [1]. (Checking Wikipedia...) A 2013 paper [2] published some vulnerabilities; mostly implementation flaws, but it raised some questions about the core spec as well.

However you implement it, encrypting DNS probably has it's place, but it doesn't make a whole lot of sense for most applications.

[0] https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Secur...

[1] https://tools.ietf.org/html/rfc6347

[2] http://www.isg.rhul.ac.uk/~kp/dtls.pdf

zokier on Sept 16, 2016 [–]

There are IETF drafts actively being worked on for DNS over DTLS:

https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/

https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-...

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact