The developers of the BIND DNS server have announced that server-side support for the DNS over HTTPS (DoH) and DNS over TLS (DoT) technologies has been added to the experimental 9.17 branch, together with the XFR-over-TLS mechanism for securely transferring DNS zone contents between servers. DoH is available for testing in release 9.17.10, and DoT support has been present since 9.17.7. Once stabilized, DoT and DoH support will be backported to the 9.16 stable branch.
The HTTP/2 implementation used for DoH is based on the nghttp2 library, which has been added to the build dependencies (in the future the library is planned to become an optional dependency). Both encrypted (TLS) and unencrypted HTTP/2 connections are supported. With the appropriate settings, a single named process can now serve not only traditional DNS requests but also requests sent over DoH (DNS-over-HTTPS) and DoT (DNS-over-TLS). Client-side HTTPS support (in dig) is not yet implemented. XFR-over-TLS is supported for both inbound and outbound zone transfers.
Processing of DoH and DoT requests is enabled by adding the http and tls options to the listen-on directive. To serve unencrypted DNS-over-HTTP, specify "tls none". Keys and certificates are defined in a "tls" block. The default network ports, 853 for DoT, 443 for DoH and 80 for DNS-over-HTTP, can be overridden via the tls-port, https-port and http-port parameters. For example:
tls local-tls {
    key-file "/path/to/priv_key.pem";
    cert-file "/path/to/cert_chain.pem";
};

http local-http-server {
    endpoints { "/dns-query"; };
};

options {
    https-port 443;
    listen-on port 443 tls local-tls http local-http-server { any; };
};
A notable feature of the DoH implementation in BIND is that it is integrated as a general-purpose transport: it can be used not only to process client requests to the resolver, but also for exchanges between servers, for zone transfers from an authoritative DNS server, and for any request type supported by the other DNS transports.