Configuring DNScryptĭNScrypt is surprisingly easy to configure and deploy on my end user equipment. Exactly, what I'm looking for ! The icing on the cake is that DNScurve and DNScrypt have NOT been influenced by NIST "recommendations" for cryptography. It encrypts the traffic between OpenDNS public servers, and my house. OpenDNS also released dnscrypt, which encrypts the "last mile". OpenDNS is the major company to deploy DNScurve for its public DNS servers. It encrypts the traffic between resolvers, and the big DNS servers on the Internet. This is key to prevent pervasive monitoring on the Internet.Ī group of really smart people came up with a protocol known as dnscurve. The gibberish string is what is important here: This is what is called Encryption. However, in this case, I do not trust my ISP DNS server since it's operated by a partially-owned government ISP which blocked facebook once. My home router takes this gibberish, does some math vodoo and sends it back to me as "22.11.22.22". Then, It takes the IP address "22.11.22.22", and sends it back as "DEADBEEF0x42asd" to my home router. So, if I type, ib.mcb.mu, I want "ib.mcb.mu" to be sent as "XSDSDDSDSDASASDS", and my ISP takes this string that nobody can make sense, and turn it back into "ib.mcb.mu". I want the DNS server on my ISP to receive my request encrypted, and also reply to me using encryption. If it's not valid due to failing the DNSSEC validation, we know that there might be an attack somewhere or someone who did not configure DNSSEC properly. It was designed to check if the reply (22.11.22.22) I'm getting from my ISP DNS server is valid or NOT. DNS is a very good metadata to build a profile about anybody on the Internet :)ĭNSSEC was never designed to to encrypt the question-reply DNS messages between my ISP and my home router. It can also be used to check which websites I've been visiting. It can be used to guess when I am checking my bank account. I'm not comfortable with my DNS traffic passing around unencrypted. Lack of transparency is an issue with the ICT Authorities in Mauritius. However, we don't know what else they might be collecting on us. We already know that they are filtering Internet in Mauritius, and blocking Child pornography. My ISP can capture this traffic and send it to some agency somewhere. The problem here is that this message is sent unencrypted. The DNS server at the ISP side will reply with something like "22.22.11.22". The message is basically : "What is the IP address of Internet Banking web site ?". When I launch my mobile banking application, There's a message known as DNS, which is sent to my ISP. They prefer that I avoid going to their regional office for bank transfers. I use Internet Banking because my bank forced me to.
0 kommentar(er)
