Add DNS-over-TLS and DNS-over-HTTPS query capability via kdig #70

Open: wants to merge 3 commits into base: master

nbkowalewski

Add DNS-over-TLS and DNS-over-HTTPS query capability by adding kdig from the KNOT DNS project in its Alpine Linux package flavor.

The closest thing to having native DoT/DoH query capability with dig is kdig, from the knot-dnsutils of the KNOT DNS project.
So I just want to add that to the https://github.com/nicolaka/netshoot Dockerfile list of installs.

nbkowalewski changed the title from "Add DNS-over-TLS and DNS-over-HTTPS query capability via kdigs" to "Add DNS-over-TLS and DNS-over-HTTPS query capability via kdig" on May 28, 2021

@nicolaka
Owner

@nbkowalewski nslookup/dig don't provide these capabilities?

@nbkowalewski
Author

Thanks for asking - and yes, you are correct: DoH, DoT support are missing in the dig included in the current stable release of bind [1]: https://bind9.readthedocs.io/en/v9_16_17/manpages.html#dig-dns-lookup-utility

For nslookup I didn't check, since I don't consider it really fit for protocol detail debugging.

kdig supported it quite early and the authors were wise enough to aim for coming up with "as dig like as possible" command line options.

DoH support for dig is, as far as I understand (=possibly wrong, yet hopefully not), only in the bind developer release since March 2021, [2] as part of 9.17.11

DoT support for dig came in a bit earlier, in developer release 9.17.7

So, assuming that 9.17.xx will at one point in time procreate into the next even number 9.18.xx stable release version of bind, I'd suggest to conclude it'll take quite a bit more time until we see a widespread dig with DoT/DoH, thus I propose inclusion of kdig for the time being.

References
[1] https://bind9.readthedocs.io/en/v9_16_17/manpages.html#dig-dns-lookup-utility
[2] https://bind9.readthedocs.io/en/v9_17_11/manpages.html?highlight=dig#dig-dns-lookup-utility
[3] https://bind9.readthedocs.io/en/v9_17_7/manpages.html?highlight=dig#dig-dns-lookup-utility

Enlist kdig in the tool set
@nbkowalewski
Author

nbkowalewski commented Nov 26, 2021

Hi again, do you need more to merge this, and if yes, what do you think needs to be different?

It's really only because at this time kdig is ahead of dig in native support for TLS security.
Thus it at least can't harm to have kdig even if dig is there already.
