Paste P9867

AuthDNS-over-TLS

Authored by BBlack on Dec 12 2019, 9:23 PM.
-- If you squint, you can see some details like: TLSv1.3 (only), NSID, EDNS TCP Keepalive, and EDNS padding to thwart length analysis
bblack@dns4002:~$ kdig +tls-hostname=ns1.wikimedia.org +nsid @ns1.wikimedia.org en.wikipedia.org A
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(CHACHA20-POLY1305)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 60073
;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1024 B; ext-rcode: NOERROR
;; Option (11): 0172
;; NSID: 646E7334303032 "dns4002"
;; PADDING: 373 B
;; QUESTION SECTION:
;; en.wikipedia.org. IN A
;; ANSWER SECTION:
en.wikipedia.org. 86400 IN CNAME dyna.wikimedia.org.
;; Received 468 B
;; Time 2019-12-12 21:20:07 UTC
;; From 208.80.153.231@853(TCP) in 38.4 ms
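
Added example, not part of the original paste: a small Python check that decodes the details the comment points at from kdig text output. The helper names are hypothetical, and the WEAK sample is constructed for contrast. It relies on RFC 7828 (option 11 is edns-tcp-keepalive, a 16-bit timeout in units of 100 ms) and on the 468-octet response block size recommended by RFC 8467.

```python
import re

# Lines copied from the kdig output in the paste above.
PASTE = """\
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(CHACHA20-POLY1305)
;; Option (11): 0172
;; NSID: 646E7334303032 "dns4002"
;; PADDING: 373 B
;; Received 468 B
"""
# Constructed counter-example (not real output): older TLS, no EDNS options.
WEAK = ";; TLS session (TLS1.2)-(ECDHE-SECP256R1)\n;; Received 61 B\n"

RESPONSE_BLOCK = 468  # RFC 8467 recommended block size for padded responses

def _grab(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def audit_kdig(text):
    """Decode the DoT/EDNS details from kdig text output (hypothetical helper)."""
    keepalive = _grab(r"Option \(11\):\s*([0-9A-Fa-f]{4})\b", text)
    nsid = _grab(r"NSID:\s*((?:[0-9A-Fa-f]{2})+)", text)
    padding = _grab(r"PADDING:\s*(\d+) B", text)
    received = _grab(r"Received (\d+) B", text)
    return {
        "tls": _grab(r"TLS session \((TLS[\d.]+)\)", text),
        # Option 11 = edns-tcp-keepalive (RFC 7828): 16-bit timeout, 100 ms units
        "keepalive_s": int(keepalive, 16) / 10 if keepalive else None,
        "nsid": bytes.fromhex(nsid).decode("ascii", "replace") if nsid else None,
        "padding": int(padding) if padding else None,
        "received": int(received) if received else None,
    }

def findings(report):
    """List deviations from the properties the paste points out."""
    issues = []
    if report["tls"] != "TLS1.3":
        issues.append("TLS version is %s, not TLS1.3" % report["tls"])
    if report["padding"] is None:
        issues.append("no EDNS padding option in response")
    elif report["received"] is None or report["received"] % RESPONSE_BLOCK:
        issues.append("padded response is not a multiple of %d bytes" % RESPONSE_BLOCK)
    if report["keepalive_s"] is None:
        issues.append("no EDNS TCP keepalive option")
    return issues

if __name__ == "__main__":
    for name, text in (("paste", PASTE), ("weak", WEAK)):
        print(name, audit_kdig(text), findings(audit_kdig(text)))
```

For the paste's output this decodes a 37-second keepalive timeout and the NSID "dns4002", and the 468 B response is exactly one padding block, so a passive observer learns nothing about the answer's true size.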