{"id":2156,"date":"2018-06-06T04:56:33","date_gmt":"2018-06-06T12:56:33","guid":{"rendered":"https:\/\/www.cloudinsidr.com\/content\/?p=2156"},"modified":"2018-07-04T02:25:43","modified_gmt":"2018-07-04T10:25:43","slug":"dns-security-dns-trusted-recursive-resolver-dns-over-https","status":"publish","type":"post","link":"https:\/\/www.cloudinsidr.com\/content\/dns-security-dns-trusted-recursive-resolver-dns-over-https\/","title":{"rendered":"Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS"},"content":{"rendered":"<p>The DNS system is broken. The sorry state of DNS security exposes your server and your end users to a variety of risks. Some of those risks are preventable.<\/p>\n<p><!--more--><\/p>\n<h1>What is wrong with DNS<\/h1>\n<p>What&#8217;s wrong with DNS, you ask? For starters:<\/p>\n<ul>\n<li>DNS traffic over HTTP <strong>lacks privacy<\/strong>: because most DNS traffic is not encrypted, eavesdropping on it is rather easy<\/li>\n<li>untrustworthy DNS resolvers\u00a0<strong>lack controls<\/strong>:\u00a0an untrustworthy resolver can track requests or even tamper with responses from DNS servers, opening the floodgates of spoofing<\/li>\n<\/ul>\n<h1>Solutions for DNS security to consider<\/h1>\n<p>Some solutions to consider:<\/p>\n<ul>\n<li><a href=\"https:\/\/hacks.mozilla.org\/2018\/05\/a-cartoon-intro-to-dns-over-https\/\" target=\"_blank\" rel=\"noopener\">DNS over HTTPS<\/a> (for example, using\u00a0<a href=\"https:\/\/coredns.io\/2016\/11\/26\/dns-over-https\/\" target=\"_blank\" rel=\"noopener\">CoreDNS<\/a>)<\/li>\n<li>DNS over TLS (the IETF is standardizing it)<\/li>\n<li>DNS-aware web browsers (right now that would be <a href=\"https:\/\/blog.nightly.mozilla.org\/2018\/06\/01\/improving-dns-privacy-in-firefox\/\" target=\"_blank\" rel=\"noopener\">Firefox<\/a>)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The DNS system is broken. The sorry state of DNS security exposes your server and your end users to a variety of risks. Some of those risks are preventable.<\/p>\n","protected":false},"author":1,"featured_media":1844,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[33,233,111],"tags":[60,14,234,113],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v14.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS - CloudInsidr<\/title>\n<meta name=\"robots\" content=\"index, follow\" \/>\n<meta name=\"googlebot\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta name=\"bingbot\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cloudinsidr.com\/content\/dns-security-dns-trusted-recursive-resolver-dns-over-https\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS - CloudInsidr\" \/>\n<meta property=\"og:description\" content=\"The DNS system is broken. The sorry state of DNS security exposes your server and your end users to a variety of risks. Some of those risks are preventable.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cloudinsidr.com\/content\/dns-security-dns-trusted-recursive-resolver-dns-over-https\/\" \/>\n<meta property=\"og:site_name\" content=\"CloudInsidr\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-06T12:56:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-07-04T10:25:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cloudinsidr.com\/content\/wp-content\/uploads\/2018\/05\/https-3344700.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2500\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#website\",\"url\":\"https:\/\/www.cloudinsidr.com\/content\/\",\"name\":\"CloudInsidr\",\"description\":\"Cyber security, infotech\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/www.cloudinsidr.com\/content\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/dns-security-dns-trusted-recursive-resolver-dns-over-https\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.cloudinsidr.com\/content\/wp-content\/uploads\/2018\/05\/https-3344700.jpg\",\"width\":2500,\"height\":1000,\"caption\":\"HTTPS illustration\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/dns-security-dns-trusted-recursive-resolver-dns-over-https\/#webpage\",\"url\":\"https:\/\/www.cloudinsidr.com\/content\/dns-security-dns-trusted-recursive-resolver-dns-over-https\/\",\"name\":\"Fixing DNS: why you need a Trusted Recursive Resolver and DNS over HTTPS - CloudInsidr\",\"isPartOf\":{\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/dns-security-dns-trusted-recursive-resolver-dns-over-https\/#primaryimage\"},\"datePublished\":\"2018-06-06T12:56:33+00:00\",\"dateModified\":\"2018-07-04T10:25:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#\/schema\/person\/dd6ee9cb21cf05763fd7cff3d6f11b2b\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cloudinsidr.com\/content\/dns-security-dns-trusted-recursive-resolver-dns-over-https\/\"]}]},{\"@type\":[\"Person\"],\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#\/schema\/person\/dd6ee9cb21cf05763fd7cff3d6f11b2b\",\"name\":\"Cloud Insidr\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8b2fa1415b3d573b97d818b8f8f83b7c?s=96&d=mm&r=g\",\"caption\":\"Cloud Insidr\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/posts\/2156"}],"collection":[{"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/comments?post=2156"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/posts\/2156\/revisions"}],"predecessor-version":[{"id":2158,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/posts\/2156\/revisions\/2158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/media\/1844"}],"wp:attachment":[{"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/media?parent=2156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/categories?post=2156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/tags?post=2156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}