Date: Wed, 3 Jan 2018 20:31:57 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Feature request: TCP DNS support

On Thu, Jan 04, 2018 at 02:05:06AM +0200, Stefan Fröberg wrote:
> Dear Sir
> 
> I have managed to compile my own, statically linked, portable little
> browser that uses musl and QtWebKit.
> 
> Initial tests look good but when testing encrypted DNS-over-TLS (which
> needs TCP instead of UDP) with my system,
> I could get nowhere.
> So I guess musl does not yet support TCP DNS?
> 
> Could you please add support for passing TCP DNS requests too with musl?
> 
> It's all the rage now that Android has added support for it and the
> DNS-over-TLS standard starts to be finished, if not already finished.

The supported way to do this with musl is via a nameserver on
localhost responding to udp queries and performing whatever backend
queries you want it to do. This (having a ns on localhost) is
fundamentally necessary for meaningful DNSSEC support anyway, too.

Even if musl did TCP itself, that wouldn't help you get DNS-over-TLS;
for that you would need a TLS stack in libc. And you really don't want
that.

Rich
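
The arrangement described in the reply above, sketched as an added example (not code from this thread or from musl): a listener on 127.0.0.1 takes the plain UDP queries libc sends and relays each one to a DNS-over-TLS upstream, so the TLS stack lives in a separate process. The upstream address and name are placeholders, and it assumes queries are handled one at a time and replies fit in one UDP datagram.

```python
import socket
import ssl
import struct

def frame(msg: bytes) -> bytes:
    """DNS over TCP/TLS prefixes each message with a 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def read_framed(stream) -> bytes:
    """Read exactly one length-prefixed DNS message from a stream socket."""
    def read_exact(n: int) -> bytes:
        buf = b""
        while len(buf) < n:
            chunk = stream.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("upstream closed mid-message")
            buf += chunk
        return buf
    (length,) = struct.unpack("!H", read_exact(2))
    return read_exact(length)

def forward_over_tls(query: bytes, addr: str, name: str, port: int = 853) -> bytes:
    """Send one query to the upstream at IP addr; verify its cert against name."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    # Connect by IP: resolving a hostname here would loop back into this proxy.
    with socket.create_connection((addr, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=name) as tls:
            tls.sendall(frame(query))
            reply = read_framed(tls)
    if reply[:2] != query[:2]:
        raise ValueError("reply ID does not match query ID")
    return reply

def serve_once(udp, resolve) -> None:
    """Answer one plain-UDP query from the libc stub resolver via resolve()."""
    query, client = udp.recvfrom(4096)
    try:
        udp.sendto(resolve(query), client)
    except (OSError, ValueError):
        pass  # send nothing: the stub resolver times out and retries

if __name__ == "__main__":
    ADDR, NAME = "192.0.2.1", "dns.example.net"  # placeholders, not a real resolver
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 53))  # resolv.conf then says: nameserver 127.0.0.1
    while True:
        serve_once(listener, lambda q: forward_over_tls(q, ADDR, NAME))
```

Certificate or connection failures result in no answer rather than a fallback to cleartext, so a blocked or impersonated upstream shows up as resolution failure.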
