[dns-privacy] DNS-over-TLS on the IETF network...

Warren Kumari <warren@kumari.net> Sun, 16 July 2017 10:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/cMuiBNy9qenHNLNi7DcLFpeA6rQ>

Hi there all,

Just wanted to make sure that people had seen this:
https://tickets.meeting.ietf.org/wiki/IETF99Experiments

Basically, we are running an experimental DNS-over-TLS service on the
IETF 99 network. This is implemented as an stunnel, which proxies
queries to the normal IETF servers.

The linked page has example Stubby / Unbound configs.

We are logging the number of packets going to port 853 (as a rough
proxy for number of queries), but are not logging other info.

Feel free to use this and provide feedback, etc.

W


-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
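
Added example, not part of the original message or of the IETF 99 setup: a generic TLS wrapper such as stunnel can sit in front of a resolver's TCP port because DNS-over-TLS (RFC 7858) keeps the two-octet length framing of DNS over TCP (RFC 1035, section 4.2.2), so the proxy only passes the decrypted bytes through. The Python below frames and de-frames queries on such a stream; the function names and sample queries are constructed for illustration.

```python
import io
import struct


def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def frame(message):
    """Prefix a DNS message with its two-octet length, as on TCP/53 and TLS/853."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for stream framing")
    return struct.pack("!H", len(message)) + message


def read_exact(stream, n):
    """Read exactly n bytes; a stream read may return fewer than requested."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError("stream closed in the middle of a message")
        buf += chunk
    return buf


def read_messages(stream):
    """Yield each framed DNS message until the stream ends on a message boundary."""
    while True:
        first = stream.read(1)
        if not first:
            return  # clean end of stream
        (length,) = struct.unpack("!H", first + read_exact(stream, 1))
        yield read_exact(stream, length)


# Constructed sample: two queries pipelined on one connection. Both fit in a
# single TCP segment, one reason a packet count only approximates a query count.
SAMPLE_QUERIES = [build_query("example.com"),
                  build_query("example.org", qtype=28, txid=0x1235)]
SAMPLE_STREAM = b"".join(frame(q) for q in SAMPLE_QUERIES)

if __name__ == "__main__":
    for msg in read_messages(io.BytesIO(SAMPLE_STREAM)):
        print(len(msg), msg.hex())
```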