Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jan 5, 2021 15:12:59 GMT -5
Did you try to use this DNS-over-HTTPS? Do you think its more secure than your ISP's DNS? Is it perhaps better than DNSCrypt?
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jan 5, 2021 15:13:53 GMT -5
|
|
|
Post by Pyrros on Jan 6, 2021 1:52:34 GMT -5
i am just using some family-friendly DNS , it used to be opendns.org , then cleanbrowsing.org , these days : 1.1.1.3 : safe for family and the fastest of all. I am not particularly concerned about our ISP, eveyone steals each other WIFI these days, so even if some crime is comitted it is hard to put charges solely based on the IP. OTOH most VPNs are whesto based, is this a better form of security? Haven't looked into DNS over HTTPS.
there is a whole infrastructure behind it, /etc/* bazillion of files there, resolv.conf , caching only DNS, it is a very old and developed protocol. Its been ages since I read seriously about DNS, hout about non root DNS, how about .rs or .gr , those talk classic DNS, so what they propose is HTTPS layer *only* for the DNS client, and fall back if it is not supported??
It seems no one is private, in this world, they got all our transactions with credit cards, mobile phones, etc... COVID-19 put the final stone on this.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jan 6, 2021 5:58:39 GMT -5
Right, so let me explain what I know. DNS server is like an address book that translates domain names imto IPs and reverse. Nothing strange there, but what happens is usually default settings are to have your ISP as your DNS. Since the connection is unencrypted anyone in between can sniff. There is also something called man-in-the-middle attack when imposter pretends to be your router receives incoming requests to DNS servers you use and forwards them to router, finding exaclty what sites you visit. Another concern is ISPs save query logs. Since HTTPS over DNS encrypts traffic it makes it harder for hackers to sniff your data, but still you can't trust HTTPS over DNS providers that they truly won't log your data. Especially since if your provider is in USA and you're outside USA, American government agencies record all trafic. So I'm not quite sure whats better in this case. Oh, almost forgot there is also HTTPS over TLS giving you also hardware support encyption.
|
|
|
Post by Pyrros on Jan 6, 2021 12:38:03 GMT -5
for most protocols there is the -s counterpart : telnet -> ssh, http -> https , ldap -> ldaps , ftp -> sftp (over 22), smtp -> smtp tls , etc Isn't HTTP suite (PUT, POST, GET, DELETE, etc) an overkill for DNS? The diverse nature of services is what led to the development of different protcols in the first place.
There was Reverse DNS for ages, also DNSSEC supported by bind forever. Back in my admin days, circa 1999 I had worked as a linux adm and knew those inside out.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jan 11, 2021 18:44:09 GMT -5
A bit unrelated to DNS over HTTPS, but I stopped using some major browsers like Firefox because of the attitudes like shown here:
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jan 11, 2021 18:58:45 GMT -5
And to be honest, I also switched to Brave browser after this, as someone who's been using Mozilla for 15 years at least.
|
|
|
Post by Pyrros on Feb 2, 2021 2:48:31 GMT -5
I have told some linux diehards at work that what we will be experiencing form the "open source" world (amazon, google, apple (BSD)) will make microsoft look like peanuts.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Feb 14, 2021 11:23:05 GMT -5
I have told some linux diehards at work that what we will be experiencing form the "open source" world (amazon, google, apple (BSD)) will make microsoft look like peanuts. Some software, like Firefox browser, will never be truly open source as long as you can't take a peek at the code and see what they do and how they handle your information, so I consider open source just those that are really showing their work openly in github, gitlab, bitbucket...
|
|
|
Post by Pyrros on Feb 15, 2021 12:44:41 GMT -5
Back in the day we just had some ftp sites, namely sunsite, then we had sourceforge and freshmeat , or the individual project sites, just the tarballs, now github, but they are owned by m$oft.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Feb 15, 2021 15:42:11 GMT -5
Back in the day we just had some ftp sites, namely sunsite, then we had sourceforge and freshmeat , or the individual project sites, just the tarballs, now github, but they are owned by m$oft.
Yes, Microsoft bought github, but the thing is the software there has source code available, so when I need something from their I just clone the repository, customize and build the app for my own needs. Also, I'm concerned about certain things larger companies and movements want to push into software, sort of like punish you for not agreeing with their political or other views. That's main reason why I don't own social medias, and why I even stopped using Firefox. I have to use Windows because of work, and because I didn't find good support for RDP protocol over IKEv2/IPsec VPN, otherwise I'd delete my Windows straight away and switch to Mint/Ubuntu/Debian.
|
|
|
Post by Pyrros on Feb 17, 2021 15:56:02 GMT -5
for what its worth, my KRDC on FreeBSD sucks all the way, some linux dudes at work have better luck with their linux distros. Windows with some Virtualbox or vmplay linux guest should do the trick, or powershell but I am sure you know all that!
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Feb 17, 2021 19:10:31 GMT -5
for what its worth, my KRDC on FreeBSD sucks all the way, some linux dudes at work have better luck with their linux distros. Windows with some Virtualbox or vmplay linux guest should do the trick, or powershell but I am sure you know all that!
Yup, you're right. I used everything I could think off and everything I could find online, but couldn't find a clean solution. First of all, I found dual boot works the best for me - Windows & Ubuntu, even if I don't use Ubuntu for RDP I still use Linux software a lot. Nowadays there is Windows Subsystem for Linux but some things simply can't work there, and never will because its a Windows module that is best approximation of Linux commands, and it still works passes the commands to NTOKRNL.exe or other Windows Native library, just as any Windows software (from what I understood). I used VMware, but my computer is a bit older so it does not work the way I expect it to. On the other hand, installing Windows and then leaving an unallocated partition for Linux is painless way to go. Afterwards, on Linux, I tried using strongswan implementation for the aforementioned VPN protocol, and it does work well, but then you need a software like Retina which is recommended for RDP but simple does not have all the options I need. And that's with Ubuntu 18.04 which probably has the largest database of both proprietary and open source software available out of all Linux distros. Now, I use Ubuntu mostly for off the work things, but I can only imagine the pain on FreeBSD, as I used Gentoo - the most similar Linux distro to FreeBSD.
|
|
|
Post by Pyrros on Feb 18, 2021 13:42:47 GMT -5
I am too old to change, but still FreeBSD has been a much smaller nuisance than many linux distros my coworkers use. I used to be a redhat linux dude up to 2007, then I converted because redhat closed their product. Then I switched completely to FreeBSD, i dunno I luv it more than linux. Reminds me of the romantic 1980++.
argghhhh I logged in to vent about Athens!!
|
|