Nice article about #DoH and its pros and cons.
It's not very technical and still provides a reasonable insight into the problems and chances of DoH in the way it's currently rolled:
Huh, #DNS over #blockchain (or more general DNS that is based on cryptography)… It's an interesting idea especially for the root DNS servers, but there is a fundamental problem:
Key management.
The article I read used youtube.com as an example. What if an attacker obtains the private key for this domain? He can now control it or even transfer it.
Right now, you can get a court rule that undoes that. But with DoB this would mean everyone has to learn a new domain. Good luck with that…
I guess that's Pihole's way of telling me that my devices are rather well configured.
And I checked, the 2.1 percent that are blocked, are all related to the (unnamed) communication app that I have to use for work…
Set up my own DoH provider for my Firefox :)
If you want to use it: go to about:config, search for network.trr.resolvers and overwrite the value with:
[{ "name": "Cloudflare", "url": "https://mozilla.cloudflare-dns.com/dns-query" },{"name": "Shivering-Isles", "url": "https://dns.shivering-isles.com/dns-query"}]
If you wonder what the stack looks like:
https://git.shivering-isles.com/container-library/dns-over-https
On the production code:
https://git.shivering-isles.com/shivering-isles/infrastructure/tree/master/roles/dns_over_https
TIL: Firefox refuses to use #DoH after the DoH server was down.
Did some maintenance on my server and killed DoH during that time. After starting it again, Firefox refused to use it, while curl already showed that it's working correctly again.
Even within #Firefox due to the configured bootstrap address I could resolve DNS correctly. Just Firefox refused to use the TRR even after making queries 🤔 I'll maybe spend some time on investigating. Restarting the browser fixes it.
Just a thought, but when Mozilla would provide a DoH server that runs in Intel SGX or similar it should be easy to distribute the DNS requests on 3rd parties.
Intel SGX would take care of running the same code as Mozilla provided, which ensures that no privacy violations appear and at the same time, we can run decentralized with DoH by default.
Oh and for latency, we need to add some response time measuring code in FF to select the fastest DoH server.
If you prefer Ansible roles, no problem, here you go:
https://octo.sh/Sheogorath/ansible-infrastructure/tree/master/roles/dns_over_https
There was recently a lot of news about DNS over HTTPS. Some people say it's bad for privacy because it centralizes the DNS requests on Google, Cloudflare and Quad9.
Time to change that and run your own DNS over HTTPS server. I spent some time today writing, documenting and arranging a small container setup to allow you to do this:
https://octo.sh/container-library/dns-over-https/blob/master/README.md
#DNSoverHTTPS #DoH #Docker #privacy #infosec #selfHosting #DNS
@kuketzblog Settings are already there (in the regular proxy settings) and a tutorial to host it yourself is on its way.
If you want to have a first look:
I might sound too practical in the whole DNS over HTTPS (DoH) debate but: Is there any free software DNS Server out there, that provides self-hosted DoH?
And are there any plans to allow to configure DoH resolvers on network base i.e. IPv6 RA or DHCP?
It appears necessary to AGAIN note #Mozilla only used #Cloudflare in this alpha test. Mozilla are ACTIVELY looking at other organisations to roll this new #DNS over HTTPS #DoH standard.
Does this sound like Cloudflare is the intended only option folks?
https://blog.nightly.mozilla.org/2018/08/28/firefox-nightly-secure-dns-experimental-results/
#DNS testing results in #Firefox https://www.theregister.co.uk/2018/08/30/doh_passes_performance_test/
"Cloudflare claims it will be “the Internet’s fastest, privacy-first consumer DNS service.” While OpenDNS and Google DNS both exist, #Cloudflare is focusing heavily on the privacy aspect of its own DNS service with a promise to wipe all logs of #DNS queries within 24 hours."
Thoughts?
https://www.theverge.com/2018/4/1/17185732/cloudflare-dns-service-1-1-1-1