As a follow-up to the webinar entitled “How to create and test your DNS-over-TLS and DNS-over-HTTPS (DoT/DoH) resolver”, Afnic publishes the resources presented on this occasion, in association with its Scientific Council.
The DNS is used in almost all exchanges on the Internet (access to domain names, services, applications, etc.).
This major protocol was one of the last to start using encryption to protect the transport of information (requests and responses). It has evolved rapidly in the past few years to strengthen the security of DNS requests, using new channels (TLS, HTTP/2 and HTTP/3) so that they no longer transit the network in plain text.
The main objective of this is to protect the link between the user and the configured resolver.
It should be noted that the strengthening of the level of confidentiality of exchanges is complementary to DNSSEC, which remains a necessary mechanism for verifying the integrity of a DNS response.
Having observed that there were hardly any resources in French on the implementation of a DoT or DoH resolver (at present mainly guides to configuring the transfer of requests to a third-party resolver that supports DoT or DoH), Afnic decided to fill this gap by publishing these new contributions illustrated by specific examples and accessible to all French-speaking individuals and organisations, to expand their knowledge on this subject.
They will thus be able to test the implementation of a DoT or DoH resolver and check that it functions correctly in line with the standards (RFC 7858 for DoT and RFC 8484 for DoH) thanks to the free software application developed by Afnic.
Afnic, which is committed to transferring expertise by sharing and disseminating knowledge, hopes to contribute to a better understanding of these developments and their widespread adoption by resolver operators, who are currently key players for the diversity and resilience of the Internet.
The resources made available in French are the following:
- Video of the webinar (hereunder).
- The tutorial “Create your own DoT/DoH resolver” available from Afnic Labs’ GitLab.
- The free software application developed by Afnic allowing you to test the implementation of DoT and DoH resolvers for conformity to the standards.
Our special thanks to Stéphane Bortzmeyer and Alexandre Pion for all this work.