On Mon, 25 May 2020 20:37:07 -0700 Andy Ruhl <[email protected]> wrote:
> So I'm not big into DNS and I don't have a firm grasp on all of these > techniques, but I have an idea. > > This is all just a big game of who are you hiding from right? If you > hide from your ISP, now you have to trust the DNS server provider. Who > among them are to be trusted? It's not just ensuring privacy, but security as well. In the last few years there have been quite a few attempts to subvert DNS. I found this blog from cisco that is not too technical and most people can follow it: https://blogs.cisco.com/security/dns-under-attack Personally I'm not so much concerned about hiding my activity from ISP, but making sure web and email services cannot be hacked or redirected to malicious servers. So DNSSEC and DNS over TLS can help to some extent. But there are many other layers to this security onion. I've just ordered these two books, they seem like a good read: "Managing Mission - Critical Domains and DNS: Demystifying nameservers, DNS, and domain names" "DNSSEC Mastery: Securing the Domain Name System with BIND" Within a few days of me starting this thread, I got a notification from Name.com warning that someone from China attempted to log into my old and abandoned account. Failed login notification Failed on May 24, 2020, 2:42 am IP Address: 222.173.92.154 I've not used Name.com for the past 10 years, but they seem to keep your details forever and don't provide a facility to delete your account. So you also need to be careful about domain registrars, some of them could have quite lax security policies.
