On 1/30/25 3:25 PM, Fred Morris wrote:
> I don't think everything on the planet needs to support encryption
> out of the box if composable components are available.
I'm inclined to agree with you.
However, the only rebuttal that I've heard which I give any serious
credence to is the ability for t
As a belated note, the BIND distribution used to include instructions
(in /dnspriv) for putting nginx in front of the nameserver to implement
DoT. Anecdotally, many people I talked to seemed to have no
understanding or awareness just how simple this implementation is /
was.[0] We need better implem
Now I've also come across this draft from the IETF's Network WG, might be relevant? But it seems like it's been published in 2021 and is still a draft. Not sure how "standard" that is in IETF lingo, but it does seem interesting. https://www.ietf.org/archive/id/draft-dickson-dprive-adot-auth-06.html I
On Wednesday, 29 January 2025 11:40:50 CET Michael De Roover wrote:
> Granted, for my own domains, doing zone transfers in plain TLS over a VPN
> connection like WireGuard has never failed me either.
TCP, I meant TCP! Goodness gracious, doing an all-nighter was not a good idea.
--
Met vriendelij
On Wednesday, 29 January 2025 11:07:51 CET Stephen Farrell wrote:
> Hiya,
>
> On 29/01/2025 02:58, Michael De Roover wrote:
>
> > I appreciate the confirmation of this being about DoT/DoH
>
>
> Do we have any opinions as to whether the document (which
> I've not read, sorry;-) has anything to s
Hiya,
On 29/01/2025 02:58, Michael De Roover wrote:
> I appreciate the confirmation of this being about DoT/DoH
Do we have any opinions as to whether the document (which
I've not read, sorry;-) has anything to say about ADoT?
Ta,
S.
On Monday, 27 January 2025 13:26:06 CET Robert Wagner wrote:
> FYI - EO 14144 has the following provision related to encrypting DNS:
>
> (c) Encrypting Domain Name System (DNS) traffic in transit is a critical
> step to protecting both the confidentiality of the information being
> transmitted to
On Monday, 27 January 2025 14:05:42 CET Stephane Bortzmeyer via bind-users
wrote:
> On Mon, Jan 27, 2025 at 12:55:08PM +,
> Marc wrote
>
> a message of 36 lines which said:
> > What is this referring to DNSSEC?
>
> The way I understand it, it is referring to DoH and DoT.
>
> > What is th
You can validate all you want but you need to sign your zones and all the
targets of the CNAME chains from your zones for DNSSEC to be effective.
This is paying lip service to sign your zones directive.
% dig www.dhs.gov +dnssec
;; BADCOOKIE, retrying.
; <<>> DiG 9.21.3-dev <<>> www.dhs.gov +dnss
US Federal civilian agencies have been required to do DNSSEC validation for
over ten years.
On Mon, Jan 27, 2025 at 7:42 PM Grant Taylor via bind-users <
bind-users@lists.isc.org> wrote:
> On 1/27/25 07:02, Carlos Horowicz via bind-users wrote:
> > IMHO this has nothing to do with DNSSEC,
>
> HEA
On 1/27/25 07:02, Carlos Horowicz via bind-users wrote:
> IMHO this has nothing to do with DNSSEC,
HEAVYsigh
Why do things seem to focus on the encryption of DNS traffic and ignore
authentication of the information?
I'm sure that all of us are aware that it's perfectly possible for a DoT
/ D
I found this RFC https://www.rfc-editor.org/info/rfc9076 pretty
interesting as it covers all topics related to DNS privacy, including
the need to prepare for quantum-resistant algorithms and encrypting DNS
traffic ... I guess the author is not only referring to resolver traffic
that should use
On Mon, Jan 27, 2025 at 12:55:08PM +,
Marc wrote
a message of 36 lines which said:
> What is this referring to DNSSEC?
The way I understand it, it is referring to DoH and DoT.
> What is the point of encrypting data with the current implementation
> of certificates.
I fail to see the rel
IMHO this has nothing to do with DNSSEC, it sounds more like the urge to
encrypt resolver traffic (I guess they're referring to DoT)
On 27/01/2025 13:55, Marc wrote:
FYI - EO 14144 has the following provision related to encrypting DNS:
(c) Encrypting Domain Name System (DNS) traffic in transit
>
> FYI - EO 14144 has the following provision related to encrypting DNS:
>
> (c) Encrypting Domain Name System (DNS) traffic in transit is a critical
> step to protecting both the confidentiality of the information being
> transmitted to, and the integrity of the communication with, the DNS
> re
FYI - EO 14144 has the following provision related to encrypting DNS:
(c) Encrypting Domain Name System (DNS) traffic in transit is a critical step
to protecting both the confidentiality of the information being transmitted to,
and the integrity of the communication with, the DNS resolver.
(i