Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 18 Aug 2019, 10:04
All times are UTC - 4
 Forum index » Off-Topic Area » Security
DNS
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 1885
Location: Canada

PostPosted: Thu 15 Nov 2018, 20:16    Post subject:  DNS
Subject description: understanding Domain Name System
 

Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.

Every open source server platform, such as Linux or BSD, offers many free implementations of the DNS resolution service. The oldest of these is called BIND, but newer implementations such as PowerDNS, Unbound, and Knot are also well-trusted, production-ready software packages. Most will offer some kind of template configuration that includes local DNS resolution.
Source : https://www.darkreading.com/vulnerabilities---threats/benefits-of-dns-service-locality/a/d-id/1333088?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

DNSSEC

To a great extent, protecting DNS today begins with DNSSEC. The DNS Security Extensions handle one set of tasks, but it's an extremely important set in the overall scheme of things. DNSSEC is all about making sure that the server (or service) you want to talk to is the one you're actually talking to.

DNSSEC uses a DNSSEC-validating DNS resolver to check DNS signatures and ensure that the resolution information has not been changed and the responding server is the correct server. It's important to note that the signatures in DNSSEC aren't used for any sort of encryption — they're only responsible for validating the identity of the servers involved.

It's also important to note that DNSSEC can protect more than Web pages. Any service that uses a DNS-based address, from email to instant messaging, can benefit from the server authentication provided by DNSSEC.


Quad9

Quad9 is a joint project of the Global Cyber Alliance (GCA), IBM, and Packet Clearing House. Beyond basic name resolution, Quad9 (named for its address, 9.9.9.9) is intended to block the vast majority of malicious sites, including those hosting and controlling malware, botnet infrastructure, and more. To do so, Quad9 collects reputation and security information from 18 different partners, including F-Secure, abuse.ch, Cisco, Proofpoint, and NetLab.

In addition to the blacklist functions, Quad9 will support both a whitelist of the million top-requested domains and a "gold list" of major sites (such as Google, Amazon Web Services, and Microsoft Azure) that should always be considered "safe." Both types of lists are intended to maintain high performance while providing security from bad actors and their malicious destinations.

Source : https://www.darkreading.com/operations/7-ways-to-keep-dns-safe/d/d-id/1332252

Further reading :
DuckDuckGo's public DNS list
https://duckduckgo.com/html?q=public%20dns
"DNS [security] is still not top of mind,"
https://www.darkreading.com/perimeter/dns-a-victim-of-its-own-success--/d/d-id/1330048
Intra, the Android App for DNS Encryption
https://www.darkreading.com/mobile/an-intro-to-intra-the-android-app-for-dns-encryption/d/d-id/1332965
Best Public DNS Servers
https://whoer.net/blog/article/best-public-dns-servers/
Public DNS for IPv4 and IPv6
https://sebsauvage.net/wiki/doku.php?id=dns-alternatifs
The official release of AdGuard DNS — a new unique approach to privacy-oriented DNS
https://adguard.com/en/blog/adguard-dns-announcement/

Last edited by labbe5 on Thu 10 Jan 2019, 10:56; edited 3 times in total
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1885
Location: Canada

PostPosted: Thu 10 Jan 2019, 10:27    Post subject: Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS  

https://thehackernews.com/2019/01/google-dns-over-tls-security.html

Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as an Internet's directory where your device looks up for the server IP addresses after you enter a human-readable web address (e.g., thehackernews.com).

Since DNS queries are sent in clear text over UDP or TCP without encryption, the information can reveal not only what websites an individual visits but is also vulnerable to spoofing attacks.


To address these problems, Google announced Wednesday that its Public DNS (Domain Name System) service finally supports DNS-over-TLS security protocol, which means that the DNS queries and responses will be communicated over TLS-encrypted TCP connections.
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 1885
Location: Canada

PostPosted: Fri 09 Aug 2019, 18:45    Post subject: Knot DNS
Subject description: High-performance authoritative-only DNS server
 

https://www.knot-dns.cz/
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0310s ][ Queries: 11 (0.0054s) ][ GZIP on ]