

DNS Privacy With Stubby (Part 1 GNU/Linux)



#1 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,889 posts

Posted 09 September 2018 - 08:42 AM

Quote

DNS Privacy With Stubby (Part 1 GNU/Linux)

Installing and configuring an encrypted DNS server is straightforward; there is no reason to use an unencrypted DNS service.

DNS is not secure or private

DNS traffic is insecure and runs over UDP port 53 (TCP for zone transfers), unencrypted by default.
This makes your encrypted DNS traffic a privacy risk and a security risk:
  • Anyone who is able to sniff your network traffic can collect a lot of information from your leaking DNS traffic.
  • With a DNS spoofing attack, an attacker can trick you into going to a malicious website or try to intercept your email traffic.

Encrypt your DNS traffic

Encrypting your network traffic is always a good idea for privacy and security reasons (we encrypt, because we can!). More information about DNS privacy can be found at https://dnsprivacy.org/

On this site you’ll also find the DNS Privacy Daemon - Stubby, which lets you send your DNS requests over TLS to an alternative DNS provider. You should use a DNS provider that you trust and that has a no-logging policy. Quad9, Cloudflare and Google DNS are well-known alternative DNS providers.

At https://dnsprivacy.o...cy Test Servers you can find a few other options.
You’ll find my journey to set up Stubby on a few operating systems I use (or I’m forced to use) below …

https://stafwag.gith...part1-gnulinux/

He explains how to set it up on Arch Linux, Debian and the manual way on other distros.

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#2 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,508 posts

Posted 09 September 2018 - 01:40 PM

Good stuff!

I use OpenDNS, but I don't worry about their logs because the only request made through that DNS is my initial login to my VPN. Once that connection is made, ALL is encrypted.

#3 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,889 posts

Posted 09 September 2018 - 02:16 PM

V.T. Eric Layton, on 09 September 2018 - 01:40 PM, said:

Good stuff!

I use OpenDNS, but I don't worry about their logs because the only request made through that DNS is my initial login to my VPN. Once that connection is made, ALL is encrypted.

Same here except I use https://www.opennic.org/ :)



