Encrypted DNS Query Transports and Their Trust Models

Recently there have been a couple of bits of news on the DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) front. Comcast and Mozilla have struck a deal to provide a privacy-oriented DoH service for Comcast users in the USA. Apple announced at WWDC 2020 that they are implementing both DoH and DoT on their iOS/iPadOS platforms with iOS/iPadOS 14.

So I feel that it is a good time to talk about the trust models inherent to the DNS query system for residential internet users and where DoH/DoT come in.

An overview of OS support for IPv6 resolver distribution methods

In this post I will be going over the various levels of support for IPv6 resolver distribution in popular operating systems. The focus is on desktop and mobile versions of OSes, as those are the ones where resolver information is usually distributed automatically. Dual stack is implied, but IPv6-only functionality can be gleaned from said information as well.

The Path to DNS Independence (Part 2)

To quote from Wikipedia:

An authoritative name server is a name server that gives answers that have been configured by an original source, for example, the domain administrator or by dynamic DNS methods, in contrast to answers that were obtained via a regular DNS query to another name server. An authoritative-only name server only returns answers to queries about domain names that have been specifically configured by the administrator.

Continuing on from my theme of DNS independence, I’d like to explore the advantages and disadvantages of hosting your own authoritative name servers.

Let us take a look at my own setup for authoritative name servers.
