[Yeti DNS Discuss] Re: A public Yeti DNS resolver (but with TLS)

'Stephane Bortzmeyer' bortzmeyer at nic.fr
Sun Mar 12 17:42:36 UTC 2017


On Wed, Mar 08, 2017 at 05:07:06PM +0800,
 Davey Song <ljsong at biigroup.cn> wrote 
 a message of 160 lines which said:

> 1) an error reported that "unable to get local issue certificate" (for
> newbie of TLS certificate setting, is there any instruction?)

The certificate is a Let's Encrypt one. Whether you can validate it or
not depends on what is in your local certificate store (that's one of
the big problems of PKIX: no two machines have the same set of CA
certificates).

> 3) it causes 1~2 second delay compared to raw udp which I think may affect
> users experience.

Well, you are not supposed to create a TCP connection for each
request. You have to keep connections open (RFC 7766, option -L of stubby).
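
An added illustration of the connection reuse mentioned above (not part of the original message, and not stubby's code): several queries share one stream using the two-byte length framing of DNS over TCP, and replies are matched by ID. TLS is omitted; a local socket pair with a constructed toy responder stands in for the resolver, and all function names are hypothetical.

```python
import socket, struct, threading

def build_query(qid, name, qtype=1):
    """Minimal DNS query: header plus one question (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = [l.encode("ascii") for l in name.split(".") if l]  # "." -> root
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def send_framed(sock, msg):
    """DNS over TCP: each message is preceded by a 2-byte length field."""
    sock.sendall(struct.pack("!H", len(msg)) + msg)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed the connection")
        buf += chunk
    return buf

def recv_framed(sock):
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)

def toy_server(sock, count):
    """Constructed stand-in for a resolver: echoes each query with QR=1."""
    for _ in range(count):
        q = recv_framed(sock)
        flags = struct.unpack("!H", q[2:4])[0] | 0x8000
        send_framed(sock, q[:2] + struct.pack("!H", flags) + q[4:])
    sock.close()

def query_over_one_connection(names):
    """Pipeline all queries on a single stream, then match replies by ID."""
    client, server = socket.socketpair()  # stands in for one TCP/TLS session
    t = threading.Thread(target=toy_server, args=(server, len(names)))
    t.start()
    pending = {}
    for qid, name in enumerate(names, start=1):
        pending[qid] = name
        send_framed(client, build_query(qid, name))
    answered = {}
    for _ in names:
        reply = recv_framed(client)
        qid, flags = struct.unpack("!HH", reply[:4])
        answered[pending.pop(qid)] = bool(flags & 0x8000)
    client.close()
    t.join()
    return answered
```

With a real resolver the same loop runs over one TLS-wrapped socket, so the TCP and TLS handshakes are paid once rather than per query.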


