![]() ![]() Is the portion of your Internet connection between your computer and your ISP. That said, the class of problems that the Kaminsky Vulnerability related to were a result of some of the underlying foundations of the DNS protocol that are inherently weak - particularly in the “last mile.” The “last mile” Impacted nearly every DNS implementation in the world (though not OpenDNS). Many will remember the Kaminsky Vulnerability, which OpenDNS is the most secure DNS service available, the underlying DNS protocol has not been secure enough for our comfort. ![]() While OpenDNS has provided world-class security using DNS for years, and It’s used any time you visit a website, send an email, have an IM conversation or do anything else online. I can only trust that they do it, not do anything about it.DNSCrypt Introducing DNSCrypt Background: The need for a better DNS securityĭNS is one of the fundamental building blocks of the Internet. The DNS I use will have to take the necessary steps to ensure the data they receive is good. What is important to me, and the only thing I can do anything about, is to ensure that the data gets from OpenDNS to me without going through a man in the middle or in any other way gets tampered with. That is something that will have to rely on the communication they receive. Yes, OpenDNS can serve bad data sometimes as bad data can propagate through the system.Ī couple of questions: What exactly does DNSSEC do? Does it encrypt the traffic between the DNS and yourself? Or is it merely a way to say "OpenDNS is actually OpenDNS"? If is the latter, then I actually would prefer BOTH - a verification that the DNS actually is the real one, and encrypted traffic so no others can tamper with the data between the DNS and me.īut in both these scenarios are there any way to secure that the data OpenDNS has received is actually good. I think we are now into the academic area. Because the response from opendns is signed/encrypted does not mean what opendns is giving me is good info. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |