DNS over TLS

[sfx2000]

No decision yet, waiting for the technology to mature a bit more before taking a look at it.

I agree - even Public DNS providers are looking into this, as DNS-over-TLS is generally a good thing, but it impacts existing efforts...

Cloudflare is pretty aggressive at getting things working on their end - Google Public DNS, they've got early stuff, but at the cost of cutting eDNS in the short term until they can sort things with the trust relationships.

Folks talk about OpenWRT - most of the development here on the tip, along with WPA3, is just that, it's not production quality yet - sync up to the master and feeds, cross your fingers, it'll build, but it might not work - depends on the community there.

OpenWRT Master eats babies - toss them some - nom nom nom, feed them more.

OpenWRT releases - like 18.06, much more stable, but there - OpenWRT 18.06 is well ahead of most vendors' SDK's - QCA, for example, is still on Chaos Calmer with QSDK, and I would suspect that Broadcom's HND platform is pretty close to that baseline as well...

 

[sfx2000]

Folks talk about OpenWRT - most of the development here on the tip, along with WPA3, is just that, it's not production quality yet - sync up to the master and feeds, cross your fingers, it'll build, but it might not work - depends on the community there.

OpenWRT Master eats babies - toss them some - nom nom nom, feed them more.

OpenWRT releases - like 18.06, much more stable, but there - OpenWRT 18.06 is well ahead of most vendors' SDK's - QCA, for example, is still on Chaos Calmer with QSDK, and I would suspect that Broadcom's HND platform is pretty close to that baseline as well...

FWIW - I'm not working on OpenWRT WPA3 or DNS over TLS/HTTPS - those problems have kinda of been solved pending testing and moving things over to a release branch.

I've been more focused on newer 4G LTE device integration, as things there changed in a big way with the Linux kernel and supporting libraries and drivers...

 

[RMerlin]

but it impacts existing efforts...

And it drastically increases resource usage (network usage, round-trips, CPU for the encryption, etc...)

Implementing this might require some providers to upgrade their DNS infrastructure, so it's not just matter of flipping a switch.

 

[RMerlin]

Cloudflare is pretty aggressive at getting things working on their end - Google Public DNS, they've got early stuff, but at the cost of cutting eDNS in the short term until they can sort things with the trust relationships.

No EDNS with Cloudflare either, they cite confidentiality reasons for not supporting it.