> On 2018/Nov/13, at 5:55 pm, Hamish Moffatt <[email protected]> wrote:
>
> On 13/11/18 4:57 pm, Kim Holburn wrote:
>> The problem is that DNS is currently basically broken. DNS requests go
>> unencrypted, in the clear and there is no kind of proof that the answer has
>> not been read or tampered with.
>>
>> This (app) solves one part of that problem and not well really. The
>> connection between you and one or two DNS servers is encrypted. The DNS
>> requests you make cannot be examined or changed by your ISP or other ISPs in
>> the chain.
>>
>> It doesn't solve the problem of proving the DNS record is accurate.
>
>
> DNSSEC proves that the answer has not been tampered with. It does not prevent
> eavesdropping, but DNS over HTTPS or DNS over TLS do.

Yes, and neither of these has been rolled out to retail or domestic systems.
They are both difficult to actually use. Also probably not everyone has a
certificate for their DNS, so I'm not sure of the coverage of DNSSEC.
And governments are systematically poisoning local DNS servers.
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:[email protected] aim://kimholburn
skype://kholburn - PGP Public Key on request
_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
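
The split discussed in the thread (DNS over HTTPS/TLS protects the query in transit, DNSSEC protects the answer's integrity) is visible in the DNS wire format itself. The sketch below is an added example, not code from the thread: the function names are hypothetical and the two sample responses are constructed header-only messages, not captures.

```python
import base64
import struct

DO_BIT = 0x8000   # EDNS0 "DNSSEC OK" flag (RFC 3225), carried in the OPT TTL field
AD_BIT = 0x0020   # header "Authenticated Data" flag (RFC 4035)

def build_query(name, qtype=1, dnssec_ok=True):
    """Wire-format query with an EDNS0 OPT record, as a DoH/DoT client sends it."""
    # ID 0 (suggested by RFC 8484 for cacheability), flags = RD, 1 question, 1 additional
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 1)
    labels = [part for part in name.rstrip(".").split(".") if part]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root owner, type 41, class = UDP payload size, TTL = ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_BIT if dnssec_ok else 0, 0)
    return header + question + opt

def doh_get_param(wire):
    """RFC 8484 GET form: base64url without padding, sent as ?dns=<value> over HTTPS."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")

def resolver_validated(response):
    """True only if the resolver set AD on a successful (NOERROR) response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    is_response = bool(flags & 0x8000)
    rcode = flags & 0x000F
    return is_response and rcode == 0 and bool(flags & AD_BIT)

# Constructed header-only responses (not real captures): QR|RD|RA with and without AD
SIGNED_OK = struct.pack("!HHHHHH", 0, 0x81A0, 1, 0, 0, 0)
UNSIGNED = struct.pack("!HHHHHH", 0, 0x8180, 1, 0, 0, 0)

if __name__ == "__main__":
    query = build_query("example.com")
    print("dns=" + doh_get_param(query))
    print(resolver_validated(SIGNED_OK), resolver_validated(UNSIGNED))
```

The AD flag is only the resolver's statement that it validated the DNSSEC chain, so a stub client can rely on it only when the channel to that resolver is itself authenticated (DoT or DoH); otherwise the client has to validate the signatures itself.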