path: root/network/nss-tls/README
Diffstat (limited to 'network/nss-tls/README')
-rw-r--r-- network/nss-tls/README 23
1 files changed, 23 insertions, 0 deletions
diff --git a/network/nss-tls/README b/network/nss-tls/README
new file mode 100644
index 0000000000..fe975e3661
--- /dev/null
+++ b/network/nss-tls/README
@@ -0,0 +1,23 @@
+nss-tls (DNS-over-HTTPS resolver)
+
+nss-tls is an alternative, encrypted name resolving library for Linux
+distributions with glibc which uses DNS-over-HTTPS. The glibc name
+resolver can be configured through nsswitch.conf(5) to use nss-tls
+instead of the DNS resolver, or fall back to DNS when nss-tls fails.
+
+This way, all applications that use the standard resolver API
+(getaddrinfo(), gethostbyname(), etc'), are transparently
+migrated from DNS to encrypted means of name resolving, with
+zero application-side changes and minimal resource consumption
+footprint. However, nss-tls does not deal with applications that use
+their own, built-in DNS resolver.
+
+See README_SBo.txt for instructions on setting things up, once the
+package is installed. It won't "just work", you really do have to
+configure it.
+
+The default servers in the config file are provided by Google, Quad9,
+and Cloudflare. If you'd like to change these, there is a list of
+public DoH servers here:
+
+https://zenodo.org/records/4923371
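Review bot: The first paragraph offers "or fall back to DNS when nss-tls fails" without saying that the fallback path resolves names over unencrypted DNS, so a user who chooses that nsswitch.conf(5) ordering loses the confidentiality this package is installed for every time nss-tls fails. Suggest adding a sentence there stating that the fallback is plaintext, and that leaving plain DNS out of the hosts line makes lookups fail instead of leaking. Two smaller points: "etc')" in the second paragraph has a stray apostrophe and should read "etc.)", and the paragraph on default servers could state that the listed providers (Google, Quad9, Cloudflare) see the queries sent to them, since that is the reason a reader would want to change them.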