P9867
AuthDNS-over-TLS
Active
Public
Authored by BBlack on Dec 12 2019, 9:23 PM.
Tags
Traffic
Referenced Files
F31474051: raw.txt
Dec 12 2019, 9:23 PM
2019-12-12 21:23:13 (UTC+0)
-- If you squint, you can see some details like: TLSv1.3 (only), NSID, EDNS TCP Keepalive, and EDNS padding to thwart length analysis
bblack@dns4002:~$ kdig +tls-hostname=ns1.wikimedia.org +nsid @ns1.wikimedia.org en.wikipedia.org A
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(CHACHA20-POLY1305)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 60073
;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1024 B; ext-rcode: NOERROR
;; Option (11): 0172
;; NSID: 646E7334303032 "dns4002"
;; PADDING: 373 B
;; QUESTION SECTION:
;; en.wikipedia.org. IN A
;; ANSWER SECTION:
en.wikipedia.org. 86400 IN CNAME dyna.wikimedia.org.
;; Received 468 B
;; Time 2019-12-12 21:20:07 UTC
;; From 208.80.153.231@853(TCP) in 38.4 ms
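The details the paste's first line points at can be checked mechanically. The sketch below is an added example, not part of the original paste or of Wikimedia's tooling: it decodes the EDNS lines from the kdig output above, reading option 11 as the RFC 7828 TCP keepalive timeout (units of 100 ms) and the NSID hex as ASCII. Treating 468 octets as the padding block size is an assumption taken from RFC 8467's recommended policy for responses; the paste does not say which policy the server uses.

```python
import re

# Lines copied from the kdig output in the paste above.
KDIG_OUTPUT = """\
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(CHACHA20-POLY1305)
;; Option (11): 0172
;; NSID: 646E7334303032 "dns4002"
;; PADDING: 373 B
;; Received 468 B
"""

# Assumption: the server follows RFC 8467's recommended 468-octet response blocks.
RESPONSE_BLOCK = 468


def _find(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1) if m else None


def audit_kdig(text):
    """Extract the privacy-relevant properties from kdig +tls output."""
    keepalive_hex = _find(r"^;; Option \(11\): ([0-9A-Fa-f]{4})\s*$", text)
    nsid_hex = _find(r"^;; NSID: ((?:[0-9A-Fa-f]{2})+)", text)
    padding = _find(r"^;; PADDING: (\d+) B", text)
    received = _find(r"^;; Received (\d+) B", text)
    return {
        "tls_version": _find(r"^;; TLS session \(([^)]+)\)", text),
        # RFC 7828: option 11 carries a 16-bit timeout in units of 100 ms.
        "keepalive_seconds": int(keepalive_hex, 16) / 10 if keepalive_hex else None,
        # NSID is opaque bytes; this server happens to send its ASCII hostname.
        "nsid": bytes.fromhex(nsid_hex).decode("ascii", "replace") if nsid_hex else None,
        "padding_bytes": int(padding) if padding is not None else None,
        "received_bytes": int(received) if received is not None else None,
        # A padded response should land exactly on a block boundary, so its
        # length reveals only the size bucket, not the answer itself.
        "block_aligned": padding is not None and received is not None
        and int(received) % RESPONSE_BLOCK == 0,
    }


if __name__ == "__main__":
    for key, value in audit_kdig(KDIG_OUTPUT).items():
        print(f"{key}: {value}")
```

On the paste's output this reports a 37.0 s keepalive timeout, NSID "dns4002", and a 468 B message that sits exactly on one block boundary.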
Event Timeline
BBlack created this paste.
Dec 12 2019, 9:23 PM
2019-12-12 21:23:13 (UTC+0)
BBlack mentioned this in T239994: Implement DNS-over-TLS for AuthDNS.
Dec 12 2019, 9:27 PM
2019-12-12 21:27:53 (UTC+0)