For folk wondering what Ray is referring to below, I posted this to the DPRIVE (dns-privacy@) list last night. I was originally going to CC dnsop@ but cross-posting leads to many "your message could not be delivered, you aren't subscribed" errors. The obvious, bestest solution would just be for everyone in dnsop to subscribe to dns-privacy@ -- we're a friendly bunch, and are always looking for more victims for reviews^w^w^w participants... :-)
Original DPRIVE email:
---------
Hi all,

I have created a Docker container for easily deploying a DPRIVE RFC7858 (DNS over TLS) server. This is implemented by putting a TLS proxy (NGINX) in front of a recursive nameserver (BIND).

It can be found here: https://github.com/wkumari/dprive-nginx-bind

This repo contains the Dockerfile, some rudimentary documentation and supporting files, including NGINX and BIND configs, and some Google Container Engine configs for starting and running the container / service.

Most of the credit goes to Sara / Sinodun for documenting how to run BIND behind NGINX as a TLS proxy. I just wrapped this up in a container.

Please let me know what you think, open issues, send pull requests, etc.

Thanks.
W

On Fri, Jan 6, 2017 at 9:49 AM Ray Bellis <r...@isc.org> wrote:
> Spurred on by Warren's announcement of a Docker image that uses NGINX to
> proxy TLS connections into DNS servers that don't natively support TLS,
> I've just written up this short draft describing an EDNS0 option that
> allows smart proxies to tell the backend server what the original client
> IP address was.
>
> The master doc is at https://github.com/raybellis/draft-bellis-dnsop-xpf
>
> Ray
>
> -------- Forwarded Message --------
> Subject: New Version Notification for draft-bellis-dnsop-xpf-00.txt
> Date: Fri, 06 Jan 2017 06:18:40 -0800
> From: internet-dra...@ietf.org
> To: Ray Bellis <r...@isc.org>
>
> A new version of I-D, draft-bellis-dnsop-xpf-00.txt
> has been successfully submitted by Ray Bellis and posted to the
> IETF repository.
>
> Name: draft-bellis-dnsop-xpf
> Revision: 00
> Title: EDNS X-Proxied-For
> Document date: 2017-01-06
> Group: Individual Submission
> Pages: 6
> URL: https://www.ietf.org/internet-drafts/draft-bellis-dnsop-xpf-00.txt
> Status: https://datatracker.ietf.org/doc/draft-bellis-dnsop-xpf/
> Htmlized: https://tools.ietf.org/html/draft-bellis-dnsop-xpf-00
>
> Abstract:
> It is becoming more commonplace to install front end proxy devices in
> front of DNS servers to provide (for example) load balancing or to
> perform transport layer conversions.
>
> This document defines an option within the EDNS(0) Extension
> Mechanism for DNS that allows a DNS server to receive the original
> client source IP address when supplied by trusted proxies.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
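The trust rule in the abstract above (the backend takes the client address from the option only when a trusted proxy supplied it), as an added example that is not part of the original thread or of the draft. The option code 65001 (local/experimental range), the family-byte-plus-address layout and the allowlist are assumptions, not the draft's wire format.

```python
import ipaddress
import struct

OPT_CODE = 65001  # assumption: code from the local/experimental range, not the draft's
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}  # constructed allowlist

def encode_option(client_ip):
    """Proxy side: EDNS option = code, length, then family byte + raw address."""
    ip = ipaddress.ip_address(client_ip)
    data = bytes([ip.version]) + ip.packed  # hypothetical layout
    return struct.pack("!HH", OPT_CODE, len(data)) + data

def build_query(qname, client_ip, msg_id=0x1234):
    """Constructed A query whose OPT record carries the option above."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels)
    question += b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rdata = encode_option(client_ip)
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
    return header + question + opt

def skip_name(msg, off):
    """Step over an uncompressed name (queries built here use no compression)."""
    while msg[off]:
        off += 1 + msg[off]
    return off + 1

def effective_client(msg, peer_ip):
    """Backend side: use the option only if the transport peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        return peer  # untrusted sender: any claimed address is ignored
    qd, _an, _ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(ar):  # a query has no answer/authority records to skip
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        while rtype == 41 and off + 4 <= end:
            code, olen = struct.unpack("!HH", msg[off:off + 4])
            data = msg[off + 4:off + 4 + olen]
            if code == OPT_CODE and len(data) == olen and {5: 4, 17: 6}.get(olen) == data[0]:
                return ipaddress.ip_address(data[1:])
            off += 4 + olen
        off = end
    return peer
```

A query arriving directly from an untrusted peer keeps that peer's own address even when it carries the option, which is what stops a client from spoofing its source for ACLs or logging.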