1 Mar
2017
1 Mar
'17
3:52 p.m.
Hi Stephane, On 2017/03/01 1:13 , Stephane Bortzmeyer wrote:
DNS-over-TLS (RFC 7858) is important for privacy but, today, few DNS resolvers support it. It would be interesting to measure if this is changing, but the probes do not seem to be able to query their resolver with TLS over port 853. (Also, I seem to remember that old probes do not have a full TLS implementation.)
What works today is the sslgetcert measurement and traceroute with tcp. That should give some idea about how often 853 is blocked. At the moment, no probes have a full tls implementation (in the measurement code).
So, how about adding a 'use_tls': True after 'use_probe_resolver': True?
That makes sense, but there are a lot of things to do wrt probe code. Philip