[dns-operations] Introducing DNSCrypt
Rubens Kuhl
rubensk at nic.br
Tue Dec 6 16:26:55 UTC 2011
Wouldn't IPSEC, OpenVPN or SSL up to the task without requiring new protocols and new software ?
Rubens
On Dec 6, 2011, at 1:17 PM, David Ulevitch wrote:
> Friends --
>
> Today we introduced a preview of DNSCrypt (http://www.opendns.com/technology/dnscrypt). The goal of DNSCrypt is to provide encryption of all DNS traffic between stubs and resolvers, a growing and often overlooked problem that has bugged us for some time. TSIG was one consideration, but ultimately, we went for a simpler route for now. Our design follows much of the design outlined here: http://dnscurve.org/out-implement.html
>
> It's lightweight, strives for UDP, and the code is being pushed to Github today so others can check it out.
>
> It's complementary to DNSSEC, doesn't attempt to address verification or validation, but it does provide encryption which helps prevent snooping, replay, filtering and man-in-the-middle attacks. This is the first in a number of releases we have planned around security in the coming year and we're interested in feedback.
>
> Check it out!
>
> Thanks,
> David
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20111206/da0e0539/attachment.html>
More information about the dns-operations
mailing list