Jump to content

DNS Privacy With Stubby (Part 1 GNU/Linux)


securitybreach

Recommended Posts

securitybreach

DNS Privacy With Stubby (Part 1 GNU/Linux)

 

Installing and configuring an encrypted dns server is straightforward, there is no reason to use an unencrypted dns service.

 

DNS is not secure or private

 

DNS traffic is insecure and runs over UDP port 53 (TCP for zone transfers ) unecrypted by default.

This make your encrypted DNS traffic a privacy risk and a security risk:

  • anyone that is able to sniff your network traffic can collect a lot information from your leaking DNS traffic.
  • with a DNS spoofing attack an attacker can trick you let go to malicious website or try to intercept your email traffic.

Encrypt your dns traffic

 

Encrypting your network traffic is always a good idea for privacy and security reasons - we encrypt, because we can! - . More information about dns privacy can be found at https://dnsprivacy.org/

 

On this site you’ll find also the DNS Privacy Daemon - Stubby that let’s you send your DNS request over TLS to an alternative DNS provider. You should use a DNS provider that you trust and has a no logging policy. quad9, cloudflare and google dns are well-known alternative dns providers.

 

At https://dnsprivacy.o...cy Test Servers you can find a few other options.

You’ll find my journey to setup Stubby on a few operation systems I use (or I’m force to use) below …

 

https://stafwag.gith...part1-gnulinux/

 

He explains how to set it up on Archlinux, Debian and the manual way on other distros.

  • Like 1
Link to comment
Share on other sites

V.T. Eric Layton

Good stuff!

 

I use OpenDNS, but I don't worry about their logs because the only request made through that DNS is my initial login to my VPN. Once that connection is made, ALL is encrypted.

Link to comment
Share on other sites

securitybreach

Good stuff!

 

I use OpenDNS, but I don't worry about their logs because the only request made through that DNS is my initial login to my VPN. Once that connection is made, ALL is encrypted.

 

Same here except I use https://www.opennic.org/ :)

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...