Re: Encrypting my DNS traffic (off-topic)

From: Loganaden Velvindron <logan_at_afrinic.net>
Date: Thu, 12 Nov 2015 10:58:10 +0400

On 11/11/15 4:58 PM, S Moonesamy wrote:
> Hi Logan,
> At 04:52 11-11-2015, Loganaden Velvindron wrote:
>> Do you think a diagram would help :p ?
>
> I usually do not comment about an article if the author is unprepared
> to handle comments. I asked you the following question in March [1]:
> how are the discussions on this mailing list different from, for
> example, discussions on facebook.com? Your reply was: "It involves
> more thinking, and I think that technical ideas being debated on
> Mailing Lists have more weight than facebook discussions, in my humble
> opinion". I'll leave it to you to see what you would like to do about
> the above. :-)

There are 2 paths that we are interested in:

1) Path between the OpenDNS DNS servers (which act as public resolvers)
and the Authoritative DNS servers ("Big" servers).

2) Path from the OpenDNS servers to the customers (you, me and others
on the mailing list).

Securing the DNS communications in 1) involves dnscrypt deployed at both
ends. That's not our concern, as this is not under our control.

Securing the DNS communications in 2) is what is within our control, and
what concerns us. DNScrypt solves 2) by setting up a secure
bi-directional path, using certificates, and cryptography. It's also
quite fast, as the cryptography used was optimized.

We can go further and force everything to go through DNScrypt on my home
router. I'm going one step at a time here :)

So with 2) enabled, it's hard for my ISP to get my DNS messages, and
possibly send them to other agencies for analysis.

As an indicator of DNScrypt's potentially disruptive impact, DNScrypt.org
is now blocked from within China :)
Received on Thu Nov 12 2015 - 06:47:24 PST
