[dns-operations] Introducing DNSCrypt

Rubens Kuhl rubensk at nic.br
Tue Dec 6 16:26:55 UTC 2011


Wouldn't IPSEC, OpenVPN or SSL up to the task without requiring new protocols and new software ? 


Rubens

On Dec 6, 2011, at 1:17 PM, David Ulevitch wrote:

> Friends --
> 
> Today we introduced a preview of DNSCrypt (http://www.opendns.com/technology/dnscrypt).  The goal of DNSCrypt is to provide encryption of all DNS traffic between stubs and resolvers, a growing and often overlooked problem that has bugged us for some time.  TSIG was one consideration, but ultimately, we went for a simpler route for now.  Our design follows much of the design outlined here: http://dnscurve.org/out-implement.html
> 
> It's lightweight, strives for UDP, and the code is being pushed to Github today so others can check it out.
> 
> It's complementary to DNSSEC, doesn't attempt to address verification or validation, but it does provide encryption which helps prevent snooping, replay, filtering and man-in-the-middle attacks.  This is the first in a number of releases we have planned around security in the coming year and we're interested in feedback.
> 
> Check it out! 
> 
> Thanks,
> David
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20111206/da0e0539/attachment.html>


More information about the dns-operations mailing list