diff options
Diffstat (limited to 'network/nss-tls/README')
-rw-r--r-- | network/nss-tls/README | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/network/nss-tls/README b/network/nss-tls/README new file mode 100644 index 0000000000..fe975e3661 --- /dev/null +++ b/network/nss-tls/README @@ -0,0 +1,23 @@ +nss-tls (DNS-over-HTTPS resolver) + +nss-tls is an alternative, encrypted name resolving library for Linux +distributions with glibc which uses DNS-over-HTTPS. The glibc name +resolver can be configured through nsswitch.conf(5) to use nss-tls +instead of the DNS resolver, or fall back to DNS when nss-tls fails. + +This way, all applications that use the standard resolver API +(getaddrinfo(), gethostbyname(), etc'), are transparently +migrated from DNS to encrypted means of name resolving, with +zero application-side changes and minimal resource consumption +footprint. However, nss-tls does not deal with applications that use +their own, built-in DNS resolver. + +See README_SBo.txt for instructions on setting things up, once the +package is installed. It won't "just work", you really do have to +configure it. + +The default servers in the config file are provided by Google, Quad9, +and Cloudflare. If you'd like to change these, there is a list of +public DoH servers here: + +https://zenodo.org/records/4923371 |