> You can configure DoT only with a forwarder like Cloudflare, Google, Quad9 etc., but you’re back to sending them your dossier, albeit secretly.

I'm just not sure why we wouldn't want to implement it if it can be made to do so... Thoughts?
> The rub is that there are many many many authoritative nameservers you might need to query based on your web activity and they would all need to support DoT. Maybe one day but not yet.

And now, showing my supreme stupidity (if I haven't already): is there not a way to encrypt the request to the authoritative nameserver? (Or is there even a reason to do so?)
Another thing of note: your ISP will most likely still be able to see your history based on IP once you complete the DoT protocol. Once you get the destination IP back from the DoT server, it's all pure IP traffic to your ISP (as usual), and if they perform any Deep Packet Inspection, or DPI (which is actually a part of AIProtect, funnily enough), they can still track your history regardless of the DNS answer being encrypted in transit. The main gain is that no one else could snoop on your history mid-stream, vs. that possibility in plaintext. And via DNSSEC required at all root DNS servers, while your queries without DoT would be visible, they would not be modifiable in any way, due to the response then breaking the root's (DNSSEC) signature. It all comes down to personal preference on the philosophy of DNS and Unbound! (Or if you live in a more surveillance-friendly country, DoT is a helpful piece.) But to be truly private, a VPN is the way to go!

And so ends another highly insightful tutorial from the wise one @dave14305... thanks as always, your help is invaluable.
Correct me if I'm wrong, but doesn't using DoT actually leave its own form of trail behind on those DNS servers? If I recall, it was due to the nature of TLS. The connection is more secure, but it leaves a bit of a paper trail on the DoT server, I think due to handshakes. Granted, it is only visible to that DNS provider. AFAIK.
> Unbound does provide IPv6 support. But if you want to disable it you can in the config file. You can edit it by running:
>
> unbound_manager
> vx
>
> do-ip6: yes

I currently have IPv6 enabled on my router since Comcast offers this feature.
Question: Unbound does not prevent IPv6 from leaking, correct?
The only way for IPv6 not to leak would be to disable this feature in the router (or devices), correct?
BTW I'm currently using PIA VPN.
You’re sharing all your queries with that chosen DoT public resolver, leaving that trail with them, but not snoopable by others while in transit thanks to TLS.
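As an added example (not from this thread, Unbound's docs or the unbound_manager script), here is a minimal unbound.conf showing the two modes the thread compares: full recursion with DNSSEC validation versus forwarding everything over DoT to one chosen public resolver, with the do-ip6 setting from the post above switched off. The root.key and CA bundle paths are assumptions for a generic Linux layout and will differ on an Entware router install.

```conf
# Added example, not from the thread or unbound_manager: a minimal unbound.conf
# showing the two modes discussed. Paths are assumptions for a generic Linux
# layout; adjust for the router's Entware/unbound_manager install.
server:
    # Disable IPv6 transport in Unbound itself (the "do-ip6: yes" line edited via
    # "unbound_manager" -> "vx"). Clients can still reach IPv6 hosts via
    # AAAA records, so an IPv6 leak must be stopped at the router/VPN, not here.
    do-ip6: no
    # Validate DNSSEC on answers (full recursion mode): plaintext on the wire,
    # but a tampered reply fails the signature check.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"   # assumed path
    qname-minimisation: yes
    # CA bundle used to verify the DoT forwarder's certificate (forwarding mode).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"   # assumed path

# Mode 1 (default): no forward-zone; Unbound recurses from the root servers.
# Queries are visible in transit, but no single third party sees all of them.

# Mode 2 (DoT): send every query to one public resolver over TLS on port 853.
# Nobody on the path can read or alter them, but that resolver sees them all.
# Uncomment to enable. The "#hostname" suffix makes Unbound check the
# certificate's name; without it the TLS session is encrypted but unauthenticated.
#forward-zone:
#    name: "."
#    forward-tls-upstream: yes
#    forward-addr: 1.1.1.1@853#cloudflare-dns.com
#    forward-addr: 9.9.9.9@853#dns.quad9.net
```

Run `unbound-checkconf` after editing to catch syntax errors before restarting the service.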
This is a didactic video that demonstrates the importance of a TLS proxy layer to the root server. With the advancement of JavaScript and remote servers, DNS poisoning has become increasingly common today. The Unbound project has been striving to provide a modern and secure DNS server.
Its code is simple and capable of high scalability. Originally focused on caching, recursive and authoritative service, today it extends its work with TLS solutions.
So, as @dave14305 mentions, unless the nameservers all accept TLS, how does Unbound having that capability make it better?
> Skynet, Diversion, Dnscrypt etc. are solutions designed to add security to your router.

*Cough cough* and Unbound.
https://www.snbforums.com/threads/u...-caching-dns-server.58967/page-35#post-541673

I noticed version 1.24 of the script is out.
Yes, I saw that, but I thought that installed version 1.23.