User Tools

Site Tools


Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
en:public:dns_knot_misc [2018/07/04 12:40]
vcunat add: interactive command console
en:public:dns_knot_misc [2018/07/24 18:46] (current)
vcunat There's no DNS over HTTPS in knot-resolver
Line 39: Line 39:
 **Speed**: the difference is highly dependent on the particular network setup and the queries, IMHO.  Note that local DNSSEC validation kills a part of the speed advantage of forwarding (maybe a significant one), because a single answer from a resolver won't contain all information to verify the whole chain from the root (or to verify that the chain is broken at some point and the record is correctly unsigned). **Speed**: the difference is highly dependent on the particular network setup and the queries, IMHO.  Note that local DNSSEC validation kills a part of the speed advantage of forwarding (maybe a significant one), because a single answer from a resolver won't contain all information to verify the whole chain from the root (or to verify that the chain is broken at some point and the record is correctly unsigned).
  
-==== Using DNS over TLS or HTTPS ====+==== Using DNS over TLS ====
  
 Since Turris OS > 3.9.6 (more specifically,​ knot version >= 2.0.0) there is option to use encryption for DNS queries. This doesnt work well with **Forwarding DNS** option enabled. Related forum thread is [[https://​forum.turris.cz/​t/​using-dns-over-tls-or-https/​6996|here]]. Tutorial shows example with Cloudflare servers. Since Turris OS > 3.9.6 (more specifically,​ knot version >= 2.0.0) there is option to use encryption for DNS queries. This doesnt work well with **Forwarding DNS** option enabled. Related forum thread is [[https://​forum.turris.cz/​t/​using-dns-over-tls-or-https/​6996|here]]. Tutorial shows example with Cloudflare servers.