CONNECTBYNAME

The goal of the connectbyname library is to simplify application code to set up a TLS connection when given a DNS name and a port.

The library takes care of resolving A and AAAA addresses, Happy Eyeballs, and DANE validation.

Together with changes to Stubby, the library also provides control over connections to upstream DNS resolvers, for example, whether encryption is mandatory or not.

The code consists of a series of prototypes, each more complex than the one before. The most resent one is 'proto9'. This last prototype depends on an experimental branch of getdns.

Feature List

  • Support for Happy Eyeballs
  • DANE authentication
  • Selecting DNS upstreams (DNS over port 53, DNS over TLS, DNS over HTTPS)
  • Limited support for SVCB/HTTPS

nlnet   ngi0disc

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.