This presentation will focus on our journey towards building a FedRAMP version of OpenDNS/Cisco Umbrella resolver, all the challenges we encountered along the way and the strategy we took to overcome them.
- Our experiences (struggles) with moving to OpenSSL3 and using the FIPS provider within it.
- How we support both commercial (openssl 1.1.1) and FedRAMP (openssl 3) resolvers from the same codebase
- What does FIPS means for DNSSEC?
- What does FIPS means for DoH, DoT and DNSCrypt?
- Restrictions imposed by the environment we have to operate in.