Privacy/Security improvements in regards to DNS


On 11/24/2023 at 6:20 AM, Killerelite06 said:

I would like to request the ability to specify custom IPv6 DNS servers and possibly support DNSSEC/DNS over TLS.

Just use Cloudflare or any third party DNS provider that supports DNSSEC as this is provided by the DNS resolver at the ISP end. It's not a router function. See link for details. https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/

1 minute ago, Killhippie said:

Just use Cloudflare or any third party DNS provider that supports DNSSEC as this is provided by the DNS resolver at the ISP end. It's not a router function. https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/

Can be a router function (Source: my Asus router). It would benefit everyone's security/privacy and it would personally allow me to run the Netduma R3 as my main router, removing the Asus.

This is a great idea! Currently using ControlD in CLI on my UDM Pro! They have an easy setup guide for all sorts of routers and equipment. 

For anyone interested I'm using ControlD on my DumaOS routers as well. They have a legacy resolver mode in setup for older devices. 

At some point I'll go over everything ControlD has to offer on YouTube.com/@LowPingKing

If you have any questions feel free to ask. 


DNSSEC can be used on a router or home network but it will need some additional setup and configuration. The router will need to support DNSSEC and you would need to obtain and configure a DNSSEC-enabled DNS server. Additionally, your domain name would need to be signed with DNSSEC. Some DNS service providers like Google Public DNS and Cloudflare offer DNSSEC support out of the box.

Unless you have requirements on a server, and as the primary use of these routers is for gaming more than more complex home networking, I would think using providers like Google or Cloudflare would be better. Supporting it on a router menu is one thing, but it's meant for other purposes as above.
 

https://www.snbforums.com/threads/any-reason-to-use-dnssec-with-quad9.82748/page-2

I’ve linked a thread for some info to help. 
 

Like many options, DoH is not as straightforward as it seems. The end user must make the choice which suits them. DoH, for example, may interfere with internal security protocols like IPS/IDS as it's encrypted so can't be examined.


  • 1 month later...
On 11/26/2023 at 11:41 AM, Killerelite06 said:

Can be a router function (Source: my Asus router). It would benefit everyone's security/privacy and it would personally allow me to run the Netduma R3 as my main router, removing the Asus.

That's not the same as an ISP DNS server using DNSSEC (which mine does), which safeguards DNS data against various cyber threats, such as DNS cache poisoning, DNS hijacking, and man-in-the-middle attacks.

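An added example, not part of any post in this thread: whichever box does the validating (router or upstream resolver), a client can see the result in the DNS response header. The sketch below builds a query with the EDNS0 DO bit set and classifies a response by its AD flag and RCODE; the function names and the header-only sample responses are constructed for illustration.

```python
import struct

DO_BIT = 0x8000   # EDNS0 "DNSSEC OK" flag in the OPT TTL field (RFC 3225)
AD_BIT = 0x0020   # header flag "Authenticated Data" (RFC 4035)
QR_BIT = 0x8000   # header flag: message is a response

def build_query(name, qtype=1, txid=0x1234):
    """Recursive query for `name` with an EDNS0 OPT record that sets DO."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)            # class IN
    # OPT RR: root owner, type 41, "class" = UDP payload size, "TTL" = flags
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_BIT, 0)
    return header + question + opt

def classify_response(data, txid=0x1234):
    """Read the DNS header and report what the resolver claims."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & QR_BIT:
        raise ValueError("not the response to our query")
    rcode = flags & 0x000F
    if rcode == 2:
        verdict = "servfail"      # also what a validating resolver returns for bogus data
    elif rcode == 0 and flags & AD_BIT:
        verdict = "validated"     # resolver checked the DNSSEC chain
    elif rcode == 0:
        verdict = "unvalidated"   # unsigned zone, or resolver does not validate
    else:
        verdict = "other"
    return {"rcode": rcode, "ad": bool(flags & AD_BIT), "verdict": verdict}

# Constructed header-only samples (txid 0x1234, all counts zero), not captures.
SAMPLE_AD     = struct.pack("!HHHHHH", 0x1234, 0x81A0, 0, 0, 0, 0)
SAMPLE_NO_AD  = struct.pack("!HHHHHH", 0x1234, 0x8180, 0, 0, 0, 0)
SAMPLE_FAILED = struct.pack("!HHHHHH", 0x1234, 0x8182, 0, 0, 0, 0)

if __name__ == "__main__":
    print(build_query("example.com").hex())
    for sample in (SAMPLE_AD, SAMPLE_NO_AD, SAMPLE_FAILED):
        print(classify_response(sample))
```

The AD flag is a claim made by the resolver, so over plain UDP it is only as trustworthy as the network path between the client and that resolver.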