Privacy/Security improvements in regards to DNS

[Killerelite06]

I would like to request the ability to specify custom IPv6 DNS servers and possibly support DNSSEC/DNS over TLS.

[Netduma Fraser]

Thanks for the suggestion, I'll add it to the list!

[Killhippie]

On 11/24/2023 at 6:20 AM, Killerelite06 said:

I would like to request the ability to specify custom IPv6 DNS servers and possibly support DNSSEC/DNS over TLS.

Just use Cloudflare or any third party DNS provider that supports DNSSEC as this is provided by the DNS resolver at the ISP end. Its not a router function. see link for details. https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/

[Killerelite06]

1 minute ago, Killhippie said:

Just use Cloudflare or any thrid party DNS provider that supports DNSSEC as this is provided by the DNS resolver at the ISP end. Its not a router function. https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/

Can be a router function(Source- My Asus router). It would benefit everyone's security/privacy and it would personally allow me to run the Netduma R3 as my main router removing the Asus.

[YT_LowPingKing]

This is a great idea! Currently using ControlD in CLI on my UDM Pro! They have an easy setup guide for all sorts of routers and equipment. 

For anyone interested I'm using ControlD on my DumaOS routers as well. They have a legacy resolver mode in setup for older devices. 

At some point I'll go over everything ColtrolD has to offer on YouTube.com/@LowPingKing

If you have any questions feel free to ask. 

 

[Newfie]

DNSSEC can be used on a router or home network but it will need some additional setup and configuration. The router will need to support DNSSEC and you would need to obtain and configure a DNSSEC-enabled DNS server. Additionally, your domain name would need to be signed with DNSSEC. Some DNS services providers like Google Public DNS and Cloudflare offer DNSSEC support out of the box.

unless you have requirements on a server and as primary use of these routers are for gaming more than more complex home networking  I would think using providers like Google or cloudflare would be better. Supporting it on a router menu is one thing but it’s meant for other purposes as above. 
 

https://www.snbforums.com/threads/any-reason-to-use-dnssec-with-quad9.82748/page-2

I’ve linked a thread for some info to help. 
 

Like many options like DoH is not as straightforward as it seems. The end user must make the choice which suits them. DoH for example may interfere with internal security protocols like IPS/IDS as it’s encrypted so can’t be examined. 

[Killhippie]

On 11/26/2023 at 11:41 AM, Killerelite06 said:

Can be a router function(Source- My Asus router). It would benefit everyone's security/privacy and it would personally allow me to run the Netduma R3 as my main router removing the Asus.

Thats not the same as a ISP DNS server using DNSSEC (which mine does) which safeguards DNS data against various cyber threats, such as DNS cache poisoning, DNS hijacking, and man-in-the-middle attacks.