Package: wnpp
Severity: wishlist
Owner: Kan-Ru Chen <kos...@debian.org>

* Package name    : nss-tls
  Version         : pre-release
  Upstream Author : Dima Krasner <d...@dimakrasner.com>
* URL             : https://github.com/dimkr/nss-tls
* License         : LGPL-2.1
  Programming Lang: C
  Description     : encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)

nss-tls is an alternative, encrypted name resolving library to use with glibc, which uses DNS-over-HTTPS (DoH).

The glibc name resolver can be configured through nsswitch.conf(5) to use nss-tls instead of the DNS resolver, or fall back to DNS when nss-tls fails.

This way, all applications that use the standard resolver API (getaddrinfo(), gethostbyname(), etc.) are transparently migrated from DNS to encrypted means of name resolving, with zero application-side changes and minimal resource consumption footprint. However, nss-tls does not deal with applications that use their own, built-in DNS resolver.

There should be three binary packages:

1. nss-tlsd - a daemon that runs in the background, receives name resolving requests over a Unix socket and replies with resolved addresses.
2. libnss_tls.so - a tiny client library, which delegates the resolving work to nss-tlsd through the Unix socket and passes the results back to the application, without dependencies other than libc.
3. tlslookup - a utility program that is equivalent to nslookup(1), but uses libnss_tls.so instead of DNS.