dns over tls or dns over https
Hi could someone give me an idea about dillo using 'dns over tls' or 'dns over https'? or using dnssec? what about dillo using mbed-tls vs openssl? the configuration only shows a --disable-mbedtls
Hi,

On Sat, Jun 01, 2024 at 01:27:07PM -0600, pastebin@gmx.com wrote:
> Hi
> could someone give me an idea about dillo using 'dns over tls' or 'dns over https'? or using dnssec?

The mobilized fork has added support for it, as it is provided by libcurl (which they have switched to):

  20240522: New tarball. To enable DNS-over-HTTPS (DoH), you can now set the preference dns_over_https_url.

https://www.toomanyatoms.com/software/mobilized_dillo.html

My recommendation is to set up a local resolver on your machine, so all name resolution is handled by it, not just Dillo. Then you can use whatever mechanism you want (DoH, DoT, DNSSEC...).

This would be especially useful if you download a file with Dillo, as it would launch an external wget process. Or if you use any plugin that performs network operations on its own.

Here are some docs (even if you don't use Arch):

https://wiki.archlinux.org/title/DNS-over-HTTPS
https://wiki.archlinux.org/title/DNSSEC

I didn't check on my own how well that works, but I would rather keep it out of Dillo if possible.

> what about dillo using mbed-tls vs openssl? the configuration only shows a --disable-mbedtls

The DNS resolution is done prior to interacting with any TLS library. There is also a --disable-openssl switch to search for mbed TLS only, see ./configure --help.

Best,
Rodrigo.
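An added example, not part of the message above or of the Dillo source: a POSIX shell check that a resolv.conf-style file points only at a local resolver, so that Dillo, the wget process it launches, and any plugins all resolve through it. The function names and the sample file contents are constructed for illustration; a glibc-style /etc/resolv.conf is assumed.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file for nameservers that bypass
# a local resolver. Function names and sample data are constructed.

# Succeeds for loopback addresses (127.0.0.0/8 and ::1).
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_resolv_conf FILE
# Prints one line per nameserver entry. Returns 0 if every entry is loopback,
# 1 if any entry is non-loopback, 2 if the file has no nameserver entries.
check_resolv_conf() {
    total=0
    remote=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        total=$((total + 1))
        if is_loopback "$addr"; then
            echo "local   $addr"
        else
            echo "REMOTE  $addr"
            remote=$((remote + 1))
        fi
    done < "$1"
    [ "$total" -gt 0 ] || return 2
    [ "$remote" -eq 0 ]
}

# Constructed sample: a local resolver plus a leftover fallback entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real configuration
nameserver 127.0.0.1
nameserver 192.0.2.53
EOF
check_resolv_conf "$sample" || echo "exit status: $?"
rm -f "$sample"
```

Run `check_resolv_conf /etc/resolv.conf` after configuring the local resolver; a REMOTE line is a fallback server that the system can query without going through it.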
Thanks - good information

are you getting my emails to your gmail email?

suggestion add 'to search for mbed TLS only' to '--disable-openssl' switch :)

why don't you like dnssec?

On Sat, 1 Jun 2024 21:58:42 +0200 Rodrigo Arias <rodarima@gmail.com> wrote:
> Hi,
>
> On Sat, Jun 01, 2024 at 01:27:07PM -0600, pastebin@gmx.com wrote:
>> Hi
>> could someone give me an idea about dillo using 'dns over tls' or 'dns over https'? or using dnssec?
>
> The mobilized fork has added support for it, as it is provided by libcurl (which they have switched to):
>
>   20240522: New tarball. To enable DNS-over-HTTPS (DoH), you can now set the preference dns_over_https_url.
>
> https://www.toomanyatoms.com/software/mobilized_dillo.html
>
> My recommendation is to set up a local resolver on your machine, so all name resolution is handled by it, not just Dillo. Then you can use whatever mechanism you want (DoH, DoT, DNSSEC...).
>
> This would be especially useful if you download a file with Dillo, as it would launch an external wget process. Or if you use any plugin that performs network operations on its own.
>
> Here are some docs (even if you don't use Arch):
>
> https://wiki.archlinux.org/title/DNS-over-HTTPS
> https://wiki.archlinux.org/title/DNSSEC
>
> I didn't check on my own how well that works, but I would rather keep it out of Dillo if possible.
>
>> what about dillo using mbed-tls vs openssl? the configuration only shows a --disable-mbedtls
>
> The DNS resolution is done prior to interacting with any TLS library. There is also a --disable-openssl switch to search for mbed TLS only, see ./configure --help.
>
> Best,
> Rodrigo.
Hi,

On Sat, Jun 01, 2024 at 02:21:36PM -0600, pastebin@gmx.com wrote:
> Thanks - good information
> are you getting my emails to your gmail email?

Got them now, as they went to spam.

> suggestion add 'to search for mbed TLS only' to '--disable-openssl' switch :)

Good idea.

> why don't you like dnssec?

I do, just didn't configure it in this machine.

Rodrigo.
Rodrigo Arias <rodarima-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Sat, Jun 01, 2024 at 02:21:36PM -0600, pastebin-KK0ffGbhmjU@public.gmane.org wrote:
>> suggestion add 'to search for mbed TLS only' to '--disable-openssl' switch :)
>
> Good idea.

Yes when I first tried to build with MbedTLS I assumed '--enable-mbedtls' would work, then I had to run configure again with '--disable-openssl' when I saw it had still selected OpenSSL. At least the "Configuration summary" makes these mistakes much more obvious than most other configure scripts do.
participants (3)
- Kevin Koster
- pastebin@gmx.com
- Rodrigo Arias