Bug#958710: ITP: nss-tls -- encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)
Package: wnpp
Severity: wishlist
Owner: Kan-Ru Chen <koster@debian.org>
* Package name : nss-tls
Version : pre-release
Upstream Author : Dima Krasner <dima@dimakrasner.com>
* URL : https://github.com/dimkr/nss-tls
* License : LGPL-2.1
Programming Lang: C
Description : encrypted glibc name resolving library which uses DNS-over-HTTPS (DoH)
nss-tls is an alternative, encrypted name resolving library to use
with glibc, which uses DNS-over-HTTPS (DoH).
The glibc name resolver can be configured through nsswitch.conf(5) to
use nss-tls instead of the DNS resolver, or fall back to DNS when
nss-tls fails.
This way, all applications that use the standard resolver API
(getaddrinfo(), gethostbyname(), etc.) are transparently migrated
from DNS to encrypted means of name resolving, with zero
application-side changes and minimal resource consumption footprint.
However, nss-tls does not deal with applications that use their own,
built-in DNS resolver.
There should be three binary packages:
1. nss-tlsd - a daemon that runs in the background, receives name
resolving requests over a Unix socket and replies with resolved
addresses.
2. libnss_tls.so - a tiny client library, which delegates the
resolving work to nss-tlsd through the Unix socket and passes the
results back to the application, without dependencies other than libc.
3. tlslookup - a utility program that is equivalent to nslookup(1),
but uses libnss_tls.so instead of DNS.
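The two nsswitch.conf(5) arrangements the description mentions, nss-tls tried before DNS with fallback, or nss-tls instead of DNS, as an added example; this is not code from the nss-tls project or from the bug report. It assumes the NSS service name is "tls", derived from the library name libnss_tls.so (glibc loads libnss_<service>.so.2 for each service listed), and it relies on glibc's default of continuing to the next service after NOTFOUND/UNAVAIL, which is what produces the "fall back to DNS" behaviour. The helper only rewrites the hosts: line and leaves other services and action specifiers such as [NOTFOUND=return] in place. The sample hosts line is constructed here.

```shell
#!/bin/sh
# Added example, not part of nss-tls: rewrite the "hosts:" line of an
# nsswitch.conf read on stdin so that the "tls" NSS service (libnss_tls.so,
# assumed name) is used.
#
#   mode "fallback": insert tls before dns, so glibc falls back to plain DNS
#                    when nss-tls returns NOTFOUND/UNAVAIL (glibc default action)
#   mode "strict":   replace dns with tls, so no plaintext DNS fallback happens
#
# Idempotent: a hosts line that already lists tls is left unchanged, and
# services other than dns (files, mdns4_minimal, [NOTFOUND=return], ...) are
# preserved in their original order.
nss_tls_hosts_line() {
    mode="${1:-fallback}"
    awk -v mode="$mode" '
        /^hosts:/ {
            out = $1; have_tls = 0
            for (i = 2; i <= NF; i++) if ($i == "tls") have_tls = 1
            for (i = 2; i <= NF; i++) {
                if ($i == "dns") {
                    if (mode == "strict") {
                        # no fallback wanted: dns becomes tls (or is dropped
                        # when tls is already present)
                        if (!have_tls) { $i = "tls"; have_tls = 1 } else continue
                    } else if (!have_tls) {
                        # fallback wanted: tls goes right before dns
                        out = out " tls"; have_tls = 1
                    }
                }
                out = out " " $i
            }
            if (!have_tls) out = out " tls"   # no dns on the line at all
            $0 = out
        }
        { print }
    '
}

# Demo on a constructed Debian-style hosts line; on a real system the input
# would be /etc/nsswitch.conf and the output installed in its place.
sample='hosts: files mdns4_minimal [NOTFOUND=return] dns'
printf '%s\n' "$sample" | nss_tls_hosts_line fallback
printf '%s\n' "$sample" | nss_tls_hosts_line strict
```

With the rewritten file installed as /etc/nsswitch.conf and nss-tlsd running, `getent hosts example.org` exercises the same getaddrinfo() path as any dynamically linked application and is the quickest check that the tls service answers; as the description notes, programs that carry their own built-in DNS resolver are unaffected by this change, and in "fallback" mode a failing nss-tlsd silently drops resolution back to plaintext DNS, which is the trade-off to weigh against "strict".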