Speaker
Jeffrey Damick
(Amazon)
Description
Multiple approaches are in use today, over both unencrypted and encrypted DNS, to identify stub resolvers to recursive resolvers, including using the query source IP address or injecting additional records with custom labels that the recursive resolver can parse. In this presentation, we will recommend using mTLS as a best practice when stub resolvers need to provide secure identities to recursive resolvers over encrypted DNS connections, then walk through the reasons we chose this recommendation over alternative forms of client authentication.
Talk duration
5 Minutes (no Q&A)
Primary author
Jeffrey Damick
(Amazon)