Warren Kumari wrote:
... <no hats> ... what I'd always wanted[0] was to be able to set up my own recursive name server somewhere on the Internet, and then only allow myself (and a few of my closest friends) to be able to query it.
1: Obviously having it as an open recursive is not the answer (e.g. it would show up in Jared's list within a few days :-))
2: Everyone travels, and so adding and removing myself (and a few of my closest friends) from ACLs won't realistically work
3: The obvious "just use a VPN" / SSH tunnels / etc. is simply annoying.
i set up a dns-over-https tunnel for myself three years ago and promptly forgot all about it. note: i am easily annoyed.
https://github.com/BII-Lab/DNSoverHTTP
that said:
... SIG(0) seemed like the perfect solution -- toss something in resolv.conf next to the nameserver, and <handwave> magic happens. Unfortunately, this doesn't actually, you know, exist...
i agree. if it existed, i would use it, except when behind middleboxes who "know" what dns has to look like.
(and much of it can now be solved with DNS-over-TLS, but still...)
unless you're behind a middlebox that "knows" what dns has to look like.
... So, SIG(0) could be many nice things, but without more implementations it is hobbled...
i'd love to see it implemented.
-- P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop