Kategorien
How-to

DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND

DNSSEC — the security extensions to the trusty Domain Name System (DNS) upon which almost all Internet transactions rely — is often considered hard to set up. My own setup has been very dated, using complicated scripts which needed to run after every change to the zone file. There was time to change this. Modern […]

Kategorien
General

DNSSEC for .ch domains

This year, all owners of .ch domains need to switch from the DNS registry SWITCH to a new registrar. Getting an overview over these registrars is hard. Thankfully, Marc Wäckerlin has started the road to transparency with a price comparison of Swiss .ch domain registrars. Here, I extend his results with a survey of DNSSEC […]

Kategorien
How-to Open Source

VirtualBox DHCP nameserver for NAT network

VirtualBox is a great environment for testing networking tools such as opDNS. However, I did not get the VirtualBox DHCP server for NAT network to provide nameserver information, even though the client asks for it. Here’s a simple solution to this problem.

Kategorien
Publications

Stateless DNS

Kategorien
Publications

Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination

Kategorien
Publications

A Multicast-Avoiding Privacy Extension for the Avahi Zeroconf Daemon

Kategorien
How-to

Adding your FRiTZ!Box as a „secure“ DNS resolver for the fritz.box pseudo-domain

Your FRiTZ!Box maintains a useful list of names of machines in your local network in its pseudo-domain fritz.box, based on DHCP requests and web interface. This information is useful, but adding the pseudo-domain „fritz.box“ to your own DNS hierarchy is no longer straightforward in the days of DNSSEC. Here is how to include it into […]

Kategorien
Editorial

DANE: The CA game changer

Securing the Internet is important. However, many design decisions are broken: For example, encrypted web pages are considered less secure than unencrypted pages, even outright dangerous, unless you regularly pay a lot of money to certificate authorities, which have shown to make the Internet less secure. The new kid on the block, DANE (DNS-based Authentication […]

Kategorien
Open Source Publications

Efficient Privacy Preserving Multicast DNS Service Discovery

Kategorien
Publications

Adding Privacy to Multicast DNS Service Discovery