Cloud Insidr

Cybersecurity in the Age of the Machine

Join us on Twitter: @CloudInsidr

Home cloud, edge and everything in between DNS Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS
Symantec Code Signing (728*90)
Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS

Leave a Comment

Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS

The DNS system is broken. The sorry state of DNS security exposes your server and your end users to a variety of risks. Some of those risks are preventable.

What is wrong with DNS

What’s wrong with DNS, you ask? For starters:

  • DNS traffic over HTTP lacks privacy: because most DNS traffic is not encrypted, eavesdropping on it is rather easy
  • untrustworthy DNS resolvers lack controls: an untrustworthy resolver can track requests or even tamper with responses from DNS servers, opening the floodgates of spoofing

Solutions for DNS security to consider

Some solutions to consider:

  • DNS over HTTPS (for example, using CoreDNS)
  • DNS over TLS (the IETF is standardizing it)
  • DNS-aware web browsers (right now that would be Firefox)

 

Comodo Elite SSL (OV) (728*90)