[Yeti DNS Discuss] 答复: A public Yeti DNS resolver (but with TLS)
bortzmeyer at nic.fr
Sun Mar 12 17:42:36 UTC 2017
On Wed, Mar 08, 2017 at 05:07:06PM +0800,
Davey Song <ljsong at biigroup.cn> wrote
a message of 160 lines which said:
> 1) an error reported that "unable to get local issue certificate" (for
> newbie of TLS certificate setting, is there any instruction?)
The certifcate is a Let's Encrypt one. Whether you can validate it or
not depends on what is in your local certificate store (that's one of
the big problems of PKIX: not two machines have the same set of CA
> 3) it causes 1~2 second delay compared to raw udp which I think may affect
> users experience.
Well, you are not supposed to create a TCP connection for each
request. You have to keep connections open (RFC 7766, option -L of stubby).
More information about the discuss