Netgate Discussion Forum

    Call For GETDNS and STUBBY package on PfSense

      ubernupe
      last edited by ubernupe

      Dear Forum Members/ Developers,
      I am calling for getdns and stubby to be made available on pfSense, with an install process for stubby/getdns as simple as:

      pkg install getdns

      I toy with keeping up with FreeBSD distributions, and this is being proposed here:

      https://github.com/opnsense/tools/commit/a27087a53b5*

      I am not an expert by any means in FreeBSD software development or networking; however, you can see my contribution towards this end here: https://forum.netgate.com/topic/136322/dns-over-tls-getdns-and-stubby-amended-package-creation
      Hopefully, pfSense will make the getdns package available in the pfSense repositories, where stubby is also included with the package. If you feel as I do and it is possible, let's push for it. I say this because the native Unbound DNS-over-TLS feature currently used in pfSense is not the best implementation of DNS over TLS. Native Unbound DNS-over-TLS in truth will have to wait until OpenSSL 1.1.x is included in FreeBSD 12, or for the Unbound devs to find a way to validate it without using a function only available in OpenSSL 1.1.x. pfSense is based on FreeBSD; however, we will have to wait until OpenSSL 1.1.x is used by pfSense in order to use the native Unbound DNS-over-TLS feature; see here:
      https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658
      The DNS Privacy Project and the IETF recommend using getdns and stubby for DNS over TLS. Also, getdns and stubby are developed by NLnet Labs, the same developers who bring us Unbound, NSD and OpenDNSSEC; see here: https://www.nlnetlabs.nl/ https://www.nlnetlabs.nl/projects/getdns/
      So, I am advocating for the best current implementation of DNS over TLS, and to keep pace with its standardized current development and the obvious direction in which this all-important security feature is headed.

      Peace,

      ubernupe

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.