On Fri, Sep 08, 2023 at 04:50:18PM +0200, Christoph via Pdns-users wrote:
> Hello!
>
> I'm looking for documentation about configuring
> recursor to talk DoT to a recursive resolver.
>
> This minimal config works:
>
> dot-to-port-853=yes
> forward-zones-recurse=.=1.1.1.1:853;1.0.0.1:853
>
> but compared to DNSdist newServer() configuration options
> I'm not sure about:
>
> - does it validate the server certificate? how do I configure the name when
>   performing certificate verification?

No validation is done, this is hinted at in
https://docs.powerdns.com/recursor/settings.html#dot-to-auth-names

> - does it support TCP fast open?

Yes, if tcp-fast-open-connect=yes, but please read
https://docs.powerdns.com/recursor/performance.html#tcp-fast-open-support

> - does it support out of order processing?

No, but it will keep outgoing connections open for a while and re-use
if the opportunity arises. Same rules as regular TCP outgoing queries
apply, see the tcp-out-* settings.

> - how are queries distributed across multiple servers?

The recursor will use the fastest, but probe the slower ones once in a
while to get up-to-date round-trip times.

> Or is it generally better to have a
> recursor -> dnsdist -> upstreams resolver
> setup to be able to use dnsdist's configuration options there?

If you have reasons to need these features, then yes.

>
> best regards,
> Christoph
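A sketch of the recursor -> dnsdist -> upstream layout discussed above, with certificate validation done by dnsdist. This is an added example, not part of the original mail or of the PowerDNS documentation; the loopback listen address 127.0.0.1:5300, the subject name cloudflare-dns.com and the maxInFlight value are assumptions to adapt to your own upstreams.

```lua
-- dnsdist.conf (outgoing DoT needs dnsdist 1.7 or later).
--
-- Recursor side (recursor.conf), shown here as comments. The recursor talks
-- plain DNS to the local dnsdist, so dot-to-port-853 is no longer involved:
--   forward-zones-recurse=.=127.0.0.1:5300

-- Listen on loopback only; the recursor is the sole client (assumed address).
setLocal("127.0.0.1:5300")

-- Upstream resolvers taken from the original mail. subjectName is used for
-- SNI and for matching the name in the server certificate; the value below
-- is an assumption, check it against your provider's documentation.
local upstreams = { "1.1.1.1:853", "1.0.0.1:853" }

for _, addr in ipairs(upstreams) do
  newServer({
    address = addr,
    tls = "openssl",                    -- speak DoT to this backend
    subjectName = "cloudflare-dns.com", -- name to verify (assumed)
    validateCertificates = true,        -- refuse backends whose certificate fails
    tcpFastOpen = true,                 -- TCP Fast Open towards the backend
    maxInFlight = 100,                  -- out-of-order processing; only useful
                                        -- if the upstream supports it (value assumed)
  })
end

-- How queries are spread over the two backends.
setServerPolicy(leastOutstanding)
```

With validateCertificates enabled, a backend that presents a certificate not valid for subjectName is not used, which is the check the recursor's own DoT forwarding does not perform.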