Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


As of release 239 systemd-resolvd resolved now supports opportunistic DNS-over-TLS!  - see   the resolved.conf man pageThe release notes say:

Code Block
systemd-resolved now supports DNS-over-TLS. It's still
turned off by default, use DNSOverTLS=opportunistic to turn it on in
resolved.conf. We intend to make this the default as soon as couple
of additional techniques for optimizing the initial latency caused by
establishing a TLS/TCP connection are implemented.



Lars de Bruin has kindly created a docker image which uses BIND as a caching local resolver with Stubby as a TLS forwarder.



Android supports DNS-over-TLS in the Android P Developer Preview. Also see this talk
given by the Android developers at NDSS DNS Privacy workshop 2018:
Video, Slides

iOSWork in underway on an iOS app, however it is currently blocked by an implementation restriction.

Operating systems