...
This topic describes the requirements that NIOS appliances must meet to enable the DNS over TLS and DNS over HTTPS services, and provides instructions for configuring these services.
Licensing and Certificate Requirements
DNS over TLS and DNS over HTTPS require the vDCA (virtual DNS Cache Acceleration) or vADP (virtual Advanced DNS Protection Software) service to be licensed and enabled. If the DNS Cache Acceleration and/or Advanced DNS Protection Software services are not enabled, the DNS over TLS and DNS over HTTPS features will not work even if they are enabled. For more information about DNS Cache Acceleration and Advanced DNS Protection Software (threat protection), see Configuring DNS Cache Acceleration and About Infoblox Advanced DNS Protection, respectively.
The DNS over TLS or the DNS over HTTPS service uses the same self-signed certificate that NIOS generates for HTTPS communication when it first starts. You can also generate a certificate signing request (CSR) and use it to obtain a signed certificate from your own trusted certificate authority (CA). For more information, see Generating Certificate Signing Requests.
The certificate is provisioned for each member. For more information about certificates, see Managing Certificates.
Note: NIOS generates a new self-signed certificate when the host name or the IP address of the member is changed or when a Grid Master Candidate is promoted. If the DNS over TLS or DNS over HTTPS feature is enabled on a member, then every time a new self-signed certificate, HTTPS certificate, or a CA certificate is generated, the DNS over TLS service or the DNS over HTTPS service (depending on which feature is enabled) automatically restarts to upload the new certificate.
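Because each member has its own certificate and NIOS regenerates the self-signed one on the events listed in the note above, recording a fingerprint per member makes a certificate change visible. The following is an added example, not Infoblox code: it assumes the DNS over TLS service listens on the standard port 853, and the member names and certificate bytes in it are constructed.

```python
import hashlib
import socket
import ssl

DOT_PORT = 853  # assumption: standard DNS over TLS port (RFC 7858)


def fetch_der(host, port=DOT_PORT, timeout=5.0):
    """Return the DER certificate a member presents on the DoT port.

    Validation is off only so that a self-signed certificate can be read
    and fingerprinted; nothing the peer sends is trusted here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def audit(baseline, observed):
    """Classify each member by comparing its fingerprint to the baseline."""
    report = {}
    for member in sorted(set(baseline) | set(observed)):
        old, new = baseline.get(member), observed.get(member)
        if new is None:
            report[member] = "no-certificate-seen"
        elif old is None:
            report[member] = "unrecorded"
        elif old != new:
            report[member] = "changed"
        else:
            report[member] = "unchanged"
    return report


# Constructed stand-ins for DER bytes; live use: fingerprint(fetch_der(addr)).
BASELINE = {"ns1.example.test": fingerprint(b"constructed-cert-A"),
            "ns2.example.test": fingerprint(b"constructed-cert-B")}
OBSERVED = {"ns1.example.test": fingerprint(b"constructed-cert-A"),
            "ns2.example.test": fingerprint(b"constructed-cert-B-regenerated")}

if __name__ == "__main__":
    for member, status in audit(BASELINE, OBSERVED).items():
        print(member, status)
```

A "changed" result is expected after a host name or IP address change, a Grid Master Candidate promotion, or a certificate replacement; outside those events it is worth investigating.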
...