On 12.06.2021 14:24, Richard T.A. Neal wrote:
Mainsh – I haven’t done any experimenting with DOT, but there’s a guide for configuring DOH at the following page. It requires BIND 9.17.10 or higher (DOH isn’t being backported to BIND 9.16): https://www.isc.org/blogs/doh-talkdns/

Walter – I’m not sure why you’d say DOH/DOT is dead and to instead use DNSSEC. DOH/DOT and DNSSEC are two completely different things meant for two completely different DNS functions – there is no overlap.

Short explanation: the requirement for using DOH is to allow HTTPS requests with a Host of just an IP,
which you would rather block; and for both DOT and DOH are SSL-certificates with an IP address in its SAN, which you also rather reject;
and the overlap you don't see is the reason why one would use DOT or DOH;