• Marek Vavruša's avatar
    daemon: allow opportunistic DNS over TLS to origins · a1ba8458
    Marek Vavruša authored
    This commit allows opportunistic DNS over TLS to origins configured
    as supporting DoT on port 853. It also adds interface for clearing
    configured TLS clients to allow runtime reconfiguration.
    
    The general mode of operation is as follows:
    
    1. Produce a new outgoing query
    2. Check if the selected upstream address has configured TLS support on port 853
     2a. If it does: upgrade to DNS over TLS, it cannot be downgraded from this point
     2b. If not: continue with preferred protocol
    
    This allows further automatic discovery as in [1], but right now it has to be configured
    manually.
    
    [1]: https://tools.ietf.org/id/draft-bortzmeyer-dprive-resolver-to-auth-00.html
    
    (cherrypicked from cloudflare branch, need to be adapted)
    a1ba8458
Name
Last commit
Last update
bench Loading commit data...
ci Loading commit data...
client Loading commit data...
contrib Loading commit data...
daemon Loading commit data...
distro Loading commit data...
doc Loading commit data...
etc Loading commit data...
lib Loading commit data...
modules Loading commit data...
scripts Loading commit data...
tests Loading commit data...
.clang-tidy Loading commit data...
.dir-locals.el Loading commit data...
.gitignore Loading commit data...
.gitlab-ci.yml Loading commit data...
.gitmodules Loading commit data...
.luacheckrc Loading commit data...
.travis.yml Loading commit data...
AUTHORS Loading commit data...
COPYING Loading commit data...
CodingStyle Loading commit data...
Dockerfile Loading commit data...
Makefile Loading commit data...
NEWS Loading commit data...
README.md Loading commit data...
config.mk Loading commit data...
coverage.mk Loading commit data...
platform.mk Loading commit data...