On 31-12-2013 05:34, nixlists wrote:
> Hello,
>
> OpenBSD has this package. Is it trustworthy? Anyone use it here?
>
> I believe this works with OpenDNS, and a few other providers of "secure"
> recursive caches that support dnscurve through this package. DNS is
> probably never going to be secure against attacks in our lifetimes (but,
> hey, maybe not, due to the recent brouhaha), but at least protecting the
> "last mile" seems somewhat feasible with this.
>
> Any help would be greatly appreciated.
>
> Thanks.
>

I've been using it, in conjunction with either named in base or unbound from ports, to encrypt the DNS transmissions of my networks. But the version in ports is rather old, 1.2.0 if I'm not mistaken. I compile the latest version and use either my own rc.d script or the one that ships with the package.
Pay attention that it mostly protects, as you said, the last mile. It won't happen against local attacks on your network, because, unless you install it on all your machines, it is still vulnerable to attacks. But there is this added complexity of having to install a DNS cache on all of them.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC