Date: Thu, 4 Jan 2018 14:55:54 +0200
From: Stefan Fröberg <stefan.froberg@...roprogram.com>
To: Rich Felker <dalias@...c.org>
Cc: musl@...ts.openwall.com
Subject: Re: Feature request: TCP DNS support

Hello Rich


Rich Felker wrote on 04.01.2018 at 03:31:
> On Thu, Jan 04, 2018 at 02:05:06AM +0200, Stefan Fröberg wrote:
>> Dear Sir
>>
>> I have managed to compile my own, statically linked, portable little
>> browser that uses musl and QtWebKit.
>>
>> Initial tests look good but when testing encrypted DNS-over-TLS (which
>> needs TCP instead of UDP) with my system,
>> I could get nowhere.
>> So I guess musl does not yet support TCP DNS?
>>
>> Could you please add support for passing TCP DNS requests too with musl?
>>
>> It's all the rage now that Android has added support for it and the
>> DNS-over-TLS
>> standard starts to be finished, if not already finished.
> The supported way to do this with musl is via a nameserver on
> localhost responding to udp queries and performing whatever backend
> queries you want it to do. This (having a ns on localhost) is
> fundamentally necessary for meaningful DNSSEC support anyway, too.
>
> Even if musl did TCP itself, that wouldn't help you get DNS-over-TLS;
> for that you would need a TLS stack in libc. And you really don't want
> that.
>
> Rich

Oh, but doesn't OpenSSL handle the encryption, aka TLS part?
What source files in musl now currently handle the name lookup?

Best regards
Stefan Fröberg
 
