The officially official Devuan Forum!

#1 2023-10-13 10:00:36

Boina
Member
Registered: 2023-10-13
Posts: 3  

Presentation and question about DoT

Hello all.

I'm a long-term Debian user (since 1998, I think); currently I'm using Debian testing and sometimes Linux Mint. I'm thinking of trying Devuan too.

In the last few days I was reading about activating DoT (DNS over TLS); in Debian with systemd it seems to rely on NetworkManager and an optional systemd service. I was searching for how to implement it in an installation without systemd (Devuan), but I couldn't find any info.

What would such a service look like in Devuan?

Best regards and thanks in advance

#2 2023-10-13 11:02:19

alexkemp
Member
Registered: 2018-05-14
Posts: 357  

Re: Presentation and question about DoT

The closest that I've been able to find is Trust-DNS (dns-over-https + dns-over-rustls).

Here are search results showing all variants:

$ apt search Trust-DNS
Sorting... Done
Full Text Search... Done
librust-async-std-resolver-dev/stable 0.22.0-1+b1 amd64
  Trust-DNS is a safe and secure DNS library, for async-std - Rust source code

librust-trust-dns-client-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS library - Rust source code

librust-trust-dns-proto-dev/stable 0.22.0-4 amd64
  Trust-DNS is a safe and secure DNS library - Rust source code

librust-trust-dns-resolver-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS library - Rust source code

librust-trust-dns-server+backtrace-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "backtrace"

librust-trust-dns-server+dns-over-https-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "dns-over-https"

librust-trust-dns-server+dns-over-https-rustls-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "dns-over-https-rustls"

librust-trust-dns-server+dns-over-openssl-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "dns-over-openssl" and 2 more

librust-trust-dns-server+dns-over-rustls-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "dns-over-rustls"

librust-trust-dns-server+dnssec-openssl-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "dnssec-openssl"

librust-trust-dns-server+dnssec-ring-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "dnssec-ring"

librust-trust-dns-server+h2-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "h2"

librust-trust-dns-server+http-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "http"

librust-trust-dns-server+openssl-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "openssl"

librust-trust-dns-server+rusqlite-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "rusqlite" and 1 more

librust-trust-dns-server+rustls-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "rustls"

librust-trust-dns-server+tokio-openssl-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "tokio-openssl"

librust-trust-dns-server+tokio-rustls-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "tokio-rustls"

librust-trust-dns-server+trust-dns-resolver-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - feature "trust-dns-resolver" and 1 more

librust-trust-dns-server-dev/stable 0.22.0-2 amd64
  Trust-DNS is a safe and secure DNS server with DNSSec support - Rust source code

#3 2023-10-13 21:33:22

delgado
Member
Registered: 2022-07-14
Posts: 212  

Re: Presentation and question about DoT

Are you looking for a local DNS cache or DNS resolver?
Like e.g. dnsmasq or unbound. Most likely these can be configured to use encrypted connections.

Edit: Just the colour.

Last edited by delgado (2023-10-14 17:19:54)

#4 2023-10-16 08:09:51

Boina
Member
Registered: 2023-10-13
Posts: 3  

Re: Presentation and question about DoT

Hello.

I'm not sure about it; I don't know much about this topic, I'm learning now.

In https://dns0.eu there are some lines setting up something; I suppose it is for a resolver, not a cache.
I'd like to know how to set up something like this but without systemd.

Regards

#5 2023-10-16 08:55:14

steve_v
Member
Registered: 2018-01-11
Posts: 381  

Re: Presentation and question about DoT

IMO your best option is to run unbound as a local caching resolver. This is what OpenBSD does, and configuration examples for such should be easy enough to adapt.
Pretty sure dnsmasq can do this as well, if you prefer it.


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
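
The unbound approach suggested in this thread, sketched as an added example (not written by any of the posters): a local caching resolver that forwards all queries over DoT, with no systemd component involved. The file path assumes the Debian/Devuan unbound package layout, and the upstream addresses and TLS name are placeholders to be replaced with the values published by the chosen provider.

```conf
# /etc/unbound/unbound.conf.d/dot-forward.conf
# (assumed path: the Debian/Devuan package includes unbound.conf.d/*.conf)

server:
    # Serve the local machine only.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow

    # CA bundle used to validate the upstream's TLS certificate.
    # Without it, the name check requested below cannot succeed.
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

forward-zone:
    # "." is the root zone, so every query is forwarded.
    name: "."

    # Use TLS for all forwarders in this zone.
    forward-tls-upstream: yes

    # Format: <ip>@<port>#<TLS authentication name>
    #
    # Weak form: encrypted, but the server certificate is not checked
    # against any name, so an on-path host can impersonate the upstream.
    #   forward-addr: 192.0.2.53@853
    #
    # Corrected form: the name after '#' must match the certificate.
    # 192.0.2.53, 2001:db8::53 and resolver.example are placeholders.
    forward-addr: 192.0.2.53@853#resolver.example
    forward-addr: 2001:db8::53@853#resolver.example
```

Validate the file with `unbound-checkconf`, restart with `service unbound restart`, and point `/etc/resolv.conf` at `nameserver 127.0.0.1`. Upstream DNS traffic should then leave the machine only on TCP port 853, which can be confirmed with a packet capture.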
