In many organizations, local domain names are assigned under a non-standardized #TLD (top-level domain), such as .loc, .corp or .lan. Why is there no standardized top-level domain for these "internal" uses?
@smortex I've been told (*unconfirmed*) that the authoritative name servers of archive.{is|fo} serve a deliberately different answer to Cloudflare's resolvers (may be for political reasons). #DNS
Every #IETF meeting, we invent new acronyms. Now, in the #DPRIVE working group (#DNS #privacy), we hear about XoT (Zone transfer - aXfr - over TLS). #IETF105.
Oblivious DNS, a protocol for protecting privacy on the #DNS
Existing privacy techniques do not protect against the resolver. The resolver still sees everything.
Solution: encrypted DNS-over-DNS tunnel between the client and the Oblivious DNS server (which pretends to be auth. but is actually the real resolver). It will see the query but not the user, and the default resolver will see the user but not the query.
Internet access providers, governments, antivirus software and of course malware intercept DNS requests and send false replies.
How to measure its prevalence? Check at the auth. server if there is a request and where it comes from. Careful: interception policy may depend on many things (qtype, TLD in the qname, DNS resolver, etc).
Did you know? The most widely used software for managing a ccTLD (national domain in the #DNS) is called CoCCA and is very international (but its domain name is a .fr) https://cocca.fr/
Does anyone have an idea why a #FritzBox does not route connections coming in via #VPN through the local #DNS server with #Pihole? All internal connections run entirely through the DNS, only those via VPN do not.
#SyncThing is awesome! I wish I'd got around to installing it years ago, when I first heard about it. It solves the file sync problem proprietary tools like #DropBox solve, and #ownCloud/ #NextCloud aim to replace with #FreeCode. All purely #P2P, with no servers or #DNS required. I'm sharing folders between my laptops and some with a friend back in #Aotearoa (#NZ).
– nearly 15,000 D-Link routers are affected, mostly DSL-2640B
– other affected manufacturers are TOTOLINK, and Secutech
– hacked routers modify the DNS settings of connected devices to redirect victims to malicious websites
There was recently a lot of news about DNS over HTTPS. Some people say it's bad for privacy because it centralizes the DNS requests on Google, Cloudflare and Quad9.
Time to change that and run your own DNS over HTTPS server. I spent some time today writing, documenting and arranging a small container setup to allow you to do this:
Having said that, I agree that supernodes don't have to be as centralized as servers. The #fediverse takes this one step, by connecting standard servers. The next step might be to disaggregate server functions, with some specializing in authentication, or media storage, or search, and so on. But we can't get rid of the concept of servers entirely without giving every device a persistent IP address (#IP6), and creating a decentralized replacement for #DNS. @VeintePesos @buoyantair @aral @alcinnz