Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home cloud, edge and everything in between DNS Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS
Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS

Cloud Insidr 2018-06-06 Leave a Comment

Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS

The DNS system is broken. The sorry state of DNS security exposes your server and your end users to a variety of risks. Some of those risks are preventable.

What is wrong with DNS

What’s wrong with DNS, you ask? For starters:

  • DNS traffic over HTTP lacks privacy: because most DNS traffic is not encrypted, eavesdropping on it is rather easy
  • untrustworthy DNS resolvers lack controls: an untrustworthy resolver can track requests or even tamper with responses from DNS servers, opening the floodgates of spoofing

Solutions for DNS security to consider

Some solutions to consider:

  • DNS over HTTPS (for example, using CoreDNS)
  • DNS over TLS (the IETF is standardizing it)
  • DNS-aware web browsers (right now that would be Firefox)

 

Filed Under: cybersecurity and cyber warfare, DNS, encryption Tagged With: DNS, DNS checks, DNS over HTTPS, encryption

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe

Find the monitor that's right for you.

SSL/TLS Certificate Square (250 x 250)

Tag Cloud

AWS AWS Billing Dashboard AWS Config AWS Cost Explorer AWS EBS AWS Resource Explorer AWS Tag Editor AWS Trusted Advisor cipher suites cyber security Diffie-Hellman EBS EC2 ECDHE Five Eyes Alliance FLAME HSTS HTTP/2 Java Linux Log4j NGINX NVMe PHP RCE Route 53 SELinux SHA-1 SHA-2 SQL SSL TLS

Pearson Education (InformIT)

SSL/TLS Certificate Medium Rectangle (300 x 250)

©2022 CybrAnalytiqa OÜ

  • Content purchasing and syndication