DevHeads.net

Get stubby into Fedora to provide safe DNS resolution via DNS-over-TLS

Providing privacy and security for DNS! (especially after dnscrypt is discontinued now).
It would be nice to have this in Fedora.

<a href="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby" title="https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby">https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby</a>
GitHub: <a href="https://github.com/getdnsapi/stubby" title="https://github.com/getdnsapi/stubby">https://github.com/getdnsapi/stubby</a>
For distro status see: <a href="https://repology.org/metapackage/stubby/versions" title="https://repology.org/metapackage/stubby/versions">https://repology.org/metapackage/stubby/versions</a>

Comments

Re: Get stubby into Fedora to provide safe DNS resolution via DN

By Bob Mauchin at 01/10/2018 - 11:18

On mercredi 10 janvier 2018 00:07:11 CET rugk wrote:
Although upstream has splitted Stubby in a separate repo in August 2017, they
still distribute it along Getdns source. Thus in Fedora, the latest Stubby is
currently installed with the latest release of Getdns. See https://
src.fedoraproject.org/rpms/getdns/blob/master/f/getdns.spec

Maybe you could suggest the package maintainer to add a "Provides: stubby" so
it can be found directly. CCing Paul Wouters in that regard.

Best regards,

Robert-André

Re: Get stubby into Fedora to provide safe DNS resolution via DN

By Dario Lesca at 01/10/2018 - 15:18

Il giorno mer, 10/01/2018 alle 17.18 +0100, Robert-André Mauchin ha
scritto:
[ lesca@dodo ~]$ dnf whatprovides stubby -C
Last metadata expiration check: 0:29:45 ago on Wed Jan 10 20:39:15 2018.
getdns-devel-1.2.1-1.fc27.i686 : Development package that includes the header files
Repo : updates
Matched from:
Filename : /usr/bin/stubby

Stubby Is in getdns-devel.

I have discovered strubby only now. Thanks.

I have some question:

Why all dns server are not TLS-SSL ready?

There is some simple howto to learn how to use it on workstation ?

and how to integrates with bind / named dns server?

Whit which public dns server can be use? is the 9.9.9.9 the only?
<a href="https://medium.com/nlnetlabs/privacy-using-dns-over-tls-with-the-new-quad9-dns-service-1ff2d2b687c5" title="https://medium.com/nlnetlabs/privacy-using-dns-over-tls-with-the-new-quad9-dns-service-1ff2d2b687c5">https://medium.com/nlnetlabs/privacy-using-dns-over-tls-with-the-new-qua...</a>

Many thanks for clarification

Re: Get stubby into Fedora to provide safe DNS resolution via DN

By Paul Wouters at 01/10/2018 - 11:36

On 01/10/2018 11:18 AM, Robert-André Mauchin wrote:
That's a good idea! I'll fire of some new builds with that later today when I fixup
the libidn2 handling as well.

Paul

Re: Get stubby into Fedora to provide safe DNS resolution via DN

By Stephen Gallagher at 01/10/2018 - 11:46

If people are going to search for this directly, it might be useful to add
this to the package description as well (or create a metapackage for stubby
that pulls in the getdns package.