- Story
- Resolution: Unresolved
- Minor
- rhel-sst-network-management
- ssg_networking
Goal
- As a network administrator, I want to be able to specify different kinds of encrypted DNS servers.
- I want to specify that a server is used unencrypted, identified only by its IP address.
- I want to specify a server using DNS over TLS, including the expected server name. This is possible now with the <ip>#<hostname> format.
- I want to specify a server using DNS over HTTPS. Such an entry can specify an IP address and hostname like DoT, but also the query path in the HTTP protocol. A URI is desired for this. We do not have to support it right now, but we want to have a way to configure such a server.
- I want to specify a server using DNS over QUIC (there is no implementation capable of processing queries over it; just make it possible to enter it).
- Alternative ports might be possible with those servers.
- For systemd-resolved and dnsmasq, I want to be able to specify the network interface that outgoing queries should use.
- I want to be able to specify autodetection of these servers. Whether via DNR or DDR, it might discover additional parameters for encrypted resolvers.
- I want to decide whether encrypted parameters are optional or must be used.
Acceptance criteria
A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.
- Verify that an unencrypted (legacy) DNS server can be specified.
- Verify that a DoT encrypted server is always used if specified as such.
- Verify that a DoT encrypted server can be used, but may fall back to unencrypted.
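
One way to tell apart the server kinds from the Goal list and to express the "always used" versus "may fall back" criteria, added here as an example and not taken from this ticket or any RHEL component. It handles a bare IP, the `<ip>#<hostname>` form and an `https://` URI; the `strict` flag and the names `DnsServer`, `parse_server` and `allowed_transports` are assumptions, and the addresses and hostnames are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class DnsServer:
    kind: str                          # "plain", "dot" or "doh"
    ip: Optional[str]                  # None when a DoH URI names only a host
    port: int
    server_name: Optional[str] = None  # name the TLS certificate must match
    path: Optional[str] = None         # DoH query path
    strict: bool = True                # assumption: False permits unencrypted fallback


def parse_server(spec: str, strict: bool = True) -> DnsServer:
    """Classify one entry: <ip>, <ip>#<hostname>, or an https:// URI."""
    if spec.startswith("https://"):
        url = urlsplit(spec)
        if not url.hostname:
            raise ValueError(f"DoH URI without a host: {spec!r}")
        # Standard URI syntax already carries an alternative port and the path.
        return DnsServer("doh", None, url.port or 443, url.hostname,
                         url.path or "/", strict)
    addr, sep, name = spec.partition("#")
    ip = str(ipaddress.ip_address(addr))  # ValueError for anything but an IP
    if sep:
        if not name:
            raise ValueError(f"empty server name in {spec!r}")
        return DnsServer("dot", ip, 853, name, None, strict)
    # A bare IP has no name to authenticate, so it can only be unencrypted.
    return DnsServer("plain", ip, 53, None, None, False)


def allowed_transports(server: DnsServer) -> List[str]:
    """Transports a resolver may try for this entry, in preference order."""
    if server.kind == "plain":
        return ["plain"]
    # Fallback to port 53 needs an IP and an explicit opt-out of strict mode;
    # otherwise a blocked encrypted port would silently downgrade the query.
    if server.strict or server.ip is None:
        return [server.kind]
    return [server.kind, "plain"]


if __name__ == "__main__":
    for entry in ("192.0.2.1", "192.0.2.1#dns.example",
                  "https://dns.example/dns-query"):
        srv = parse_server(entry)
        print(entry, "->", srv.kind, allowed_transports(srv))
```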