git.ipfire.org Git - thirdparty/bind9.git/commitdiff
CHANGES, release notes
author Evan Hunt <each@isc.org>
Tue, 2 Feb 2021 23:47:52 +0000 (15:47 -0800)
committer Ondřej Surý <ondrej@sury.org>
Wed, 3 Feb 2021 11:06:17 +0000 (12:06 +0100)
CHANGES
doc/notes/notes-current.rst

diff --git a/CHANGES b/CHANGES
index cd946939a120ff4fe347e170217fe36abc89fd3c..1f8591e7ae5b8a6cce06b6dd093c89a5235d2ce4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,7 +1,9 @@
-5576.  [func]          Initial support for DNS-over-HTTP(S). BIND now
-                       includes DNS-over-HTTP(S) layer built on top of nghttp2.
-                       Both encrypted and unencrypted HTTP/2 connections
-                       are supported. [GL !4566]
+5576.  [experimental]  Initial server-side implementation of DNS-over-HTTPS
+                       (DoH). Support for both TLS-encrypted and unencrypted
+                       HTTP/2 connections has been added to the network manager
+                       and integrated into named. (Note: there is currently no
+                       client-side support for DNS-over-HTTPS; this will be
+                       added to dig in a future release.) [GL #1144]
 
 5575.  [bug]           When migrating to dnssec-policy, BIND considered keys
                        with the "Inactive" and/or "Delete" timing metadata as
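Review bot: The rewritten 5576 entry no longer names nghttp2, which the removed text gave as the library the HTTP layer is "built on top of". Packagers and anyone tracking third-party dependencies read CHANGES to learn about that kind of addition, so consider keeping a short mention, for example "(DoH), built on top of nghttp2." Separately, the reference changes from the merge request [GL !4566] to the issue [GL #1144]; if both are relevant, listing both keeps the entry traceable to the code that introduced the feature. The move from [func] to [experimental] is a useful signal and should be mirrored wherever else the feature is announced.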
index ae6b01a7e29f0d6e5088d3b93e0fe70293b902d6..ba95f08b248be5d08314cf19de3951878c572b9a 100644 (file)
@@ -52,12 +52,12 @@ New Features
   an optional ``tls`` option which specifies either a previously configured
   ``tls`` statement or ``ephemeral``. [GL #2392]
 
-- ``named`` now has initial support for DNS-over-HTTP(S). Both
-  encrypted (via TLS) and unencrypted HTTP/2 connections are supported.
-  The latter are mostly there for debugging/troubleshooting
-  purposes and for the means of encryption offloading to third-party
-  software (as might be desirable in some environments to aid in TLS
-  certificates management).  [GL !4566]
+- ``named`` now supports DNS-over-HTTPS (DoH). Both TLS-encrypted and
+  unencrypted HTTP/2 connections are supported (the latter may be used to
+  offload encryption to other software).
+
+  Note that there is no client-side support for HTTPS as yet; this will be
+  added to ``dig`` in a future release. [GL #1144]
 
 Removed Features
 ~~~~~~~~~~~~~~~~
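Review bot: The release note states "``named`` now supports DNS-over-HTTPS (DoH)" without the experimental status that the CHANGES entry in this same commit carries ([experimental]), so an operator reading only the release notes could take the feature as production-ready. Suggest wording such as "``named`` now has experimental support for DNS-over-HTTPS (DoH)". The parenthetical on unencrypted HTTP/2 also drops the earlier statement that this mode is mostly for debugging/troubleshooting and offloading; since queries on that listener are not encrypted by ``named`` itself, it is worth saying explicitly that it is intended for use behind software that terminates TLS. Minor: the second paragraph says "no client-side support for HTTPS", while CHANGES says "DNS-over-HTTPS"; using the same term in both places avoids ambiguity.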