Merge branch 'michal/miscellaneous-text-tweaks-related-to-doh-and-dot' into 'main'
Miscellaneous text tweaks related to DNS-over-HTTPS and DNS-over-TLS. See merge request isc-projects/bind9!5743
@@ -229,7 +229,7 @@ help(void) {
|
|||||||
"SERVFAIL)\n"
|
"SERVFAIL)\n"
|
||||||
" +[no]header-only (Send query without a "
|
" +[no]header-only (Send query without a "
|
||||||
"question section)\n"
|
"question section)\n"
|
||||||
" +[no]https[=###] (DNS over HTTPS mode) "
|
" +[no]https[=###] (DNS-over-HTTPS mode) "
|
||||||
"[/]\n"
|
"[/]\n"
|
||||||
" +[no]https-get (Use GET instead of "
|
" +[no]https-get (Use GET instead of "
|
||||||
"default POST method\n"
|
"default POST method\n"
|
||||||
@@ -294,7 +294,7 @@ help(void) {
|
|||||||
"(+[no]tcflag))\n"
|
"(+[no]tcflag))\n"
|
||||||
" +[no]tcp (TCP mode (+[no]vc))\n"
|
" +[no]tcp (TCP mode (+[no]vc))\n"
|
||||||
" +timeout=### (Set query timeout) [5]\n"
|
" +timeout=### (Set query timeout) [5]\n"
|
||||||
" +[no]tls (DNS over TLS mode)\n"
|
" +[no]tls (DNS-over-TLS mode)\n"
|
||||||
" +[no]trace (Trace delegation down "
|
" +[no]trace (Trace delegation down "
|
||||||
"from root "
|
"from root "
|
||||||
"[+dnssec])\n"
|
"[+dnssec])\n"
|
||||||
|
@@ -340,7 +340,7 @@ abbreviation is unambiguous; for example, ``+cd`` is equivalent to
|
|||||||
are ignored when this is set.
|
are ignored when this is set.
|
||||||
|
|
||||||
``+[no]https[=value]``
|
``+[no]https[=value]``
|
||||||
This option indicates whether to use DNS-over-HTTPS (DoH) when querying
|
This option indicates whether to use DNS over HTTPS (DoH) when querying
|
||||||
name servers. When this option is in use, the port number defaults to 443.
|
name servers. When this option is in use, the port number defaults to 443.
|
||||||
The HTTP POST request mode is used when sending the query.
|
The HTTP POST request mode is used when sending the query.
|
||||||
|
|
||||||
@@ -537,7 +537,7 @@ abbreviation is unambiguous; for example, ``+cd`` is equivalent to
|
|||||||
5 seconds. An attempt to set ``T`` to less than 1 is silently set to 1.
|
5 seconds. An attempt to set ``T`` to less than 1 is silently set to 1.
|
||||||
|
|
||||||
``+[no]tls``
|
``+[no]tls``
|
||||||
This option indicates whether to use DNS-over-TLS (DoT) when querying
|
This option indicates whether to use DNS over TLS (DoT) when querying
|
||||||
name servers. When this option is in use, the port number defaults
|
name servers. When this option is in use, the port number defaults
|
||||||
to 853.
|
to 853.
|
||||||
|
|
||||||
|
@@ -575,10 +575,11 @@ AC_ARG_WITH([libnghttp2],
|
|||||||
|
|
||||||
AS_IF([test "$enable_doh" = "yes"],
|
AS_IF([test "$enable_doh" = "yes"],
|
||||||
[AS_CASE([$with_libnghttp2],
|
[AS_CASE([$with_libnghttp2],
|
||||||
[no],[AC_MSG_ERROR([Use '--disable-doh' to disable DoH])],
|
[no],[AC_MSG_ERROR([Use '--disable-doh' to disable DNS-over-HTTPS support])],
|
||||||
[auto|yes],[PKG_CHECK_MODULES([LIBNGHTTP2], [libnghttp2 >= 1.6.0],
|
[auto|yes],[PKG_CHECK_MODULES([LIBNGHTTP2], [libnghttp2 >= 1.6.0],
|
||||||
[AC_DEFINE([HAVE_LIBNGHTTP2], [1], [Build with DoH support])],
|
[AC_DEFINE([HAVE_LIBNGHTTP2], [1], [Build with DNS-over-HTTPS support])],
|
||||||
[AC_MSG_ERROR([DoH requested, but libnghttp2 not found])])],
|
[AC_MSG_ERROR(m4_normalize([DNS-over-HTTPS support requested, but libnghttp2 not found.
|
||||||
|
Either install libnghttp2 or use --disable-doh.]))])],
|
||||||
[AC_MSG_ERROR([Specifying libnghttp2 installation path is not supported, adjust PKG_CONFIG_PATH instead])])])
|
[AC_MSG_ERROR([Specifying libnghttp2 installation path is not supported, adjust PKG_CONFIG_PATH instead])])])
|
||||||
|
|
||||||
AM_CONDITIONAL([HAVE_LIBNGHTTP2], [test -n "$LIBNGHTTP2_LIBS"])
|
AM_CONDITIONAL([HAVE_LIBNGHTTP2], [test -n "$LIBNGHTTP2_LIBS"])
|
||||||
|
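Review bot: The two error messages in this AS_CASE now spell the configure flag differently: the `[no]` branch quotes it as `'--disable-doh'`, while the new not-found message ends with an unquoted `use --disable-doh.`. Quoting it the same way, `Either install libnghttp2 or use '--disable-doh'.`, would keep the configure output uniform and easier to search in build logs. The enclosing AC_ARG_WITH([libnghttp2], ...) block starts above this hunk, so any further wording in it is not visible here.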
@@ -2530,10 +2530,10 @@ Use of an ``http`` specification requires ``tls`` to be specified
|
|||||||
as well. If an unencrypted connection is desired (for example,
|
as well. If an unencrypted connection is desired (for example,
|
||||||
on load-sharing servers behind a reverse proxy), ``tls none`` may be used.
|
on load-sharing servers behind a reverse proxy), ``tls none`` may be used.
|
||||||
|
|
||||||
If a port number is not specified, the default is 53 for standard DNS, 853
|
If a port number is not specified, the default is 53 for standard DNS,
|
||||||
for DNS over TLS, 443 for DNS over HTTPS, and 80 for DNS over unenecrypted
|
853 for DNS over TLS, 443 for DNS over HTTPS, and 80 for
|
||||||
HTTP. These defaults may be overridden using the ``port``, ``tls-port``,
|
DNS over HTTP (unencrypted). These defaults may be overridden using the
|
||||||
``https-port`` and ``http-port`` options.
|
``port``, ``tls-port``, ``https-port`` and ``http-port`` options.
|
||||||
|
|
||||||
Multiple ``listen-on`` statements are allowed. For example:
|
Multiple ``listen-on`` statements are allowed. For example:
|
||||||
|
|
||||||
|
@@ -77,7 +77,7 @@ Inspecting Encrypted DNS Traffic
|
|||||||
BIND 9 is built against. For OpenSSL, version 1.1.1 or newer is
|
BIND 9 is built against. For OpenSSL, version 1.1.1 or newer is
|
||||||
required (use ``named -V`` to check).
|
required (use ``named -V`` to check).
|
||||||
|
|
||||||
By definition, TLS-encrypted traffic (e.g. DNS-over-TLS, DNS-over-HTTPS)
|
By definition, TLS-encrypted traffic (e.g. DNS over TLS, DNS over HTTPS)
|
||||||
is opaque to packet sniffers, which makes debugging problems with
|
is opaque to packet sniffers, which makes debugging problems with
|
||||||
encrypted DNS close to impossible. However, Wireshark_ offers a
|
encrypted DNS close to impossible. However, Wireshark_ offers a
|
||||||
solution_ to this problem by being able to read key log files. In order
|
solution_ to this problem by being able to read key log files. In order
|
||||||
|
@@ -362,7 +362,7 @@ default is to add a question section. The query type and query name
|
|||||||
are ignored when this is set.
|
are ignored when this is set.
|
||||||
.TP
|
.TP
|
||||||
.B \fB+[no]https[=value]\fP
|
.B \fB+[no]https[=value]\fP
|
||||||
This option indicates whether to use DNS\-over\-HTTPS (DoH) when querying
|
This option indicates whether to use DNS over HTTPS (DoH) when querying
|
||||||
name servers. When this option is in use, the port number defaults to 443.
|
name servers. When this option is in use, the port number defaults to 443.
|
||||||
The HTTP POST request mode is used when sending the query.
|
The HTTP POST request mode is used when sending the query.
|
||||||
.sp
|
.sp
|
||||||
@@ -559,7 +559,7 @@ This option sets the timeout for a query to \fBT\fP seconds. The default timeout
|
|||||||
5 seconds. An attempt to set \fBT\fP to less than 1 is silently set to 1.
|
5 seconds. An attempt to set \fBT\fP to less than 1 is silently set to 1.
|
||||||
.TP
|
.TP
|
||||||
.B \fB+[no]tls\fP
|
.B \fB+[no]tls\fP
|
||||||
This option indicates whether to use DNS\-over\-TLS (DoT) when querying
|
This option indicates whether to use DNS over TLS (DoT) when querying
|
||||||
name servers. When this option is in use, the port number defaults
|
name servers. When this option is in use, the port number defaults
|
||||||
to 853.
|
to 853.
|
||||||
.TP
|
.TP
|
||||||
|