Note that even DNSSec is not encrypted, and that not all domain names support DNSSec. Rather than creating a local server of named or unbound that recursively resolves domain names in the open, it would be more practical to just rely on another public service that supports DNSCrypt, since traffic with a normal DNS protocol is open to eavesdropping (from unwanted parties like your ISP), and forgery. The protocol has not been submitted to IETF, but a lot of people has already started using it, and multiple client and server implementations already exist.ĭNSCrypt is simply a protocol that allows authentication and encryption between two parties - the service which most of the time is the resolver, and the client which requests for domain names to be resolved.
DNSCrypt has become the most ideal solution for having secure DNS resolving sessions.
0 kommentar(er)
