Thanks! But can we now trust OpenDNS, etc in light of the recent news of net neutrality, etc? We probably can't trust our own DNS caches due to the issues of net neutrality, etc., either??
Thank you. On Tue, Dec 31, 2013 at 7:26 AM, Giancarlo Razzolini <grazzol...@gmail.com>wrote: > Em 31-12-2013 05:34, nixlists escreveu: > > Hello, > > > > OpenBSD has this package. Is it trustworthy? Anyone uses here? > > > > I believe this works with OpenDNS, and a few other providers of "secure" > > recursive caches that support dnscurve through this package. DNS is > > probably never going to be secure against attacks in our lifetimes (but, > > hey, maybe not, due to the recent bruhaha), but at least protecting the > > "last mile" seems somewhat feasible with this. > > > > Any help would be greatly appreciated. > > > > Thanks. > > > I've been using it, in conjunction with either named on base and unbound > from ports, to encrypt the dns transmissions of my networks. But, the > version in ports is rather old, 1.2.0 if I'm not mistaken. I compile the > latest version and use either my own rc.d script or the one that ships > with the package. > > Pay attention that it mostly protects, as you said, the last mile. It > wont happen against local attacks on your network, because, unless you > install it on all your machines, it still vulnerable to attacks. But > there this added complexity of having to install a dns cache in all of > them. > > Cheers, > > -- > Giancarlo Razzolini > GPG: 4096R/77B981BC
