As a follow-up to the webinar entitled “How to create and test your DNS-over-TLS and DNS-over-HTTPS (DoT/DoH) resolver”, Afnic publishes the resources presented on this occasion, in association with its Scientific Council.
The DNS is used in almost all exchanges on the Internet (access to domain names, services, applications, etc.).
This major protocol was one of the last to start using encryption to protect the transport of information (requests and responses). It has evolved rapidly in the past few years to strengthen the security of DNS requests through the use of new channels (TLS, HTTP/2 and HTTP/3), so that they no longer transit the network in plain text.
The main objective of this is to protect the link between the user and the configured resolver.
It should be noted that the strengthening of the level of confidentiality of exchanges is complementary to DNSSEC, which remains a necessary mechanism for verifying the integrity of a DNS response.
Having observed that there were hardly any resources in French on the implementation of a DoT or DoH resolver (at present mainly guides to configuring the transfer of requests to a third-party resolver that supports DoT or DoH), Afnic decided to fill this gap by publishing these new contributions illustrated by specific examples and accessible to all French-speaking individuals and organisations, to expand their knowledge on this subject.
They will thus be able to test the implementation of a DoT or DoH resolver and check that it functions correctly in line with the standards (RFC 7858 for DoT and RFC 8484 for DoH) thanks to the free software application developed by Afnic.
Afnic, which is committed to transferring expertise by sharing and disseminating knowledge, hopes to contribute to a better understanding of these developments and their widespread adoption by resolver operators, who are currently key players for the diversity and resilience of the Internet.
The resources made available in French are the following:
- Video of the webinar (hereunder).
- The tutorial “Create your own DoT/DoH resolver” available from Afnic Labs’ GitLab.
- The free software application developed by Afnic allowing you to test the implementation of DoT and DoH resolvers for conformity to the standards.
Our special thanks to Stéphane Bortzmeyer and Alexandre Pion for all this work.
Afnic is the acronym for Association Française pour le Nommage Internet en Coopération, the French Network Information Centre. The registry has been appointed by the French government to manage domain names under the .fr Top Level Domain. Afnic also manages the .re (Reunion Island), .pm (Saint-Pierre and Miquelon), .tf (French Southern and Antarctic Territories), .wf (Wallis and Futuna) and .yt (Mayotte) French Overseas TLDs.
In addition to managing French TLDs, Afnic’s role is part of a wider public interest mission, which is to contribute on a daily basis, thanks to the efforts of its teams and its members, to a secure and stable internet, open to innovation and in which the French internet community plays a leading role. As part of that mission, Afnic, a non-profit organization, donates 90% of its profits to its Foundation for Digital Solidarity. Afnic is also the back-end registry for the companies as well as local and regional authorities that have chosen to have their own TLD, such as .paris, .bzh, .alsace, .corsica, .mma, .ovh, .leclerc and .sncf.
Established in 1997 and based in Saint-Quentin-en-Yvelines, Afnic currently has 80 employees.