Bart van de Velde from Cisco talking about the emerging use of #QUIC at #RIPE86. In the next release of our free, #OpenSource #DNS resolver Unbound, we’ll offer support for DNS-over-QUIC. #DoQ https://github.com/NLnetLabs/unbound/pull/871

Our DNS-over-QUIC implementation for Unbound #DNS resolver is now ready for review! #DoQ #OpenSource #OpenStandards https://github.com/NLnetLabs/unbound/pull/871

@danwing The attack works by having a pretend client send a forged packet to the #QUIC server, setting source address and port to the target values, plus using invalid QUIC version. Legit traffic comes from clients (ports > 1024?) and perhaps, rarely, from QUIC servers. It is very unlikely to come from port 53, for example (#DoQ specifically says don't do that). Protection could work now. Downside is maybe impeding VN, but we do have a safe alternative for VN: https://www.ietf.org/archive/id/draft-ietf-quic-version-negotiation-09.html

@rgacogne @farrokhi I think #DoQ (#DNS over #QUIC) is a good fit for the "recursive to authoritative" traffic, while there is lots of competition in the "stub to recursive" case.

Implementing DNS-over-QUIC in Unbound is turning out to be quite an adventure, but we're making good progress! #DNS #DoQ #OpenSource #clang #SoftwareDevelopment https://github.com/NLnetLabs/unbound/commit/aa8c9c4367792c674c76181c3fbfdee9996e9be8

@partim is now giving the entire NLnet Labs #DNS team a detailed rundown of the #Rust domain crate, setting the stage for our #rustlang development work for DNS in 2023. Exciting times ahead! #OpenSource #programming #DoT #DoH #DoQ #DNSSEC

Check out Philip Homburg's #IETF draft "Control Options For #DNS Client Proxies". It introduces EDNS(0) options that allow a stub resolver to request certain transport and allow the proxy to report capabilities and actual transports that are available. #IETF115 #OpenStandards #DoT #DoH #DoQ https://datatracker.ietf.org/doc/draft-homburg-add-codcp/

@leyrer people are still using DoT? #DoH #DoQ (mandataory: /s)

RT @Le_Alternative
Una lunga lista di alternative: quali DNS privati utilizzare? Vi proponiamo anche molti DNS per bloccare pubblicità e traccianti!
#adguard #dnsprivati #doh #doq #dot #nextdns #quad9

https://www.lealternative.net/2022/07/13/quali-dns-privati-utilizzare/

Quali DNS privati utilizzare?

Una lunga lista di alternative: quali DNS privati utilizzare? Vi proponiamo anche molti DNS per bloccare pubblicità e traccianti!

LINK --> https://www.lealternative.net/2022/07/13/quali-dns-privati-utilizzare/

#OltreGoogle #adguard #dnsprivati #doh #doq #dot #nextdns #quad9

RFC 9250: DNS over Dedicated QUIC Connections

Ce nouveau #RFC complète la série des mécanismes de protection cryptographique du DNS. Après DoT et DoH, voici #DoQ, #DNS sur #QUIC. On notera que bien que QUIC ait été conçu essentiellement pour les besoins de HTTP, c'est le DNS qui a été la première application normalisée de QUIC.

https://www.bortzmeyer.org/9250.html

If you examine your network traffic, #DoQ runs by default over port 853 (like DNS over DTLS, which nobody ever used).

#RIPE84

And now #DNS working group. Let's start with Sara Dickinson presenting (remotely) #DoQ (DNS over #QUIC). DNS over TLS is boring, DNS over HTTPS is too mainstream, let's do it over QUIC. The world needs more protocols for encrypted DNS :-)

#RIPE84

@R1Rail Les trois, tu veux dire, avec #DoQ :-)

Current status: reading the mailing list of the #QUIC working group at #IETF: "should we work on #DoQ [#DNS over QUIC]?"

#DoT #DoH