New secure DNS provider

News that do not fit in elswhere

Moderators: b1o, jkerr82508

User avatar
viking60
Über-Berserk
Posts: 9209
Joined: 14 Mar 2010, 16:34

New secure DNS provider

Postby viking60 » 08 Apr 2018, 14:25

The Domain name system /DNS) is the phone book of the Internet.
It translates ams15s22-in-x0e.1e100.net to Google and it does so openly without encryption in most cases,

So no matter how safe your Internet traffic is your provider can easily read, store and share your Internet history with anyone.

Now most Internet providers say that they do not do that and in any case they are exceptionally trustworthy.... :liar:

So I have used DNScrypt for some time to prevent those trustworthy guys from reading my every internet surfing.

You will remember that lots of Facebook data landed in Cambridge - and the DNS would have been a great help there.

The problem is that some of the providers say that they do not store anything but we have no way of knowing if that is the case.

In comes Cloudflare with a new set of DNS that secures that you can use their name-servers and that nothing will be stored and logged.

Cloudflare has a history of promoting privacy but in principle this does not set them off from all the other providers that claim not to store anything.

But they have gone a step further and have engaged the Auditor KPMG to control and supervise that this is actually the case - that is as secure as it gets
Frankly, we don’t want to know what you do on the Internet—it’s none of our business—and we’ve taken the technical steps to ensure we can’t.

. :B

So drop Googles 8.8.8.8 and 8.8.4.4 and replace them with 1.1.1.1 and 1.0.0.1

In Linux you can enter the namservers directly in /etc/resolv.conf or enter the namservers in the Networkmanager,
:A
https://1.1.1.1/

This is easier than implementing Dnscrypt - a project that is experiencing some problems these days...
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

User avatar
R_Head
Berserk
Posts: 2465
Joined: 17 Mar 2010, 15:40

Re: New secure DNS provider

Postby R_Head » 08 Apr 2018, 15:20

Nice !!! :s

User avatar
viking60
Über-Berserk
Posts: 9209
Joined: 14 Mar 2010, 16:34

Re: New secure DNS provider

Postby viking60 » 09 Apr 2018, 12:54

Yes they seem OK but it is not perfect.
Cloudflare will store data permanently including:
Aggregate List of All Domain Names Requested, and timestamp of first time requested

However they will remove your IP from these data and anonymize them.
All information collected by Cloudflare, no matter whether such information is part of Cloudflare’s temporary or permanent logs, will be cleansed of any personally identifiable data (including IP addresses). Additionally information that is stored as part of Cloudflare’s permanent logs will be further anonymized.


The good (and new) thing is that this will be audited so we are not simply left to trust them.

The main reason for concern is that Cloudflare is a US company and can be instructed and gagged as we have seen in several cases.
There is nothing Cloudflare can do about that and that makes them somewhat insecure despite all the good intentions.

The sad thing is that the US agencies have made it impossible to trust US Tech companies.

The Auditor -KPMG- is an international network that cannot be said to be under US control though.
In any case it is in the DNA of every Audit company to follow and audit according to each nations laws. If there are any laws that allow the US government to steal our private surfing data and to gag anybody with knowledge - then KPMG will be gagged too.
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

User avatar
viking60
Über-Berserk
Posts: 9209
Joined: 14 Mar 2010, 16:34

Re: New secure DNS provider

Postby viking60 » 13 Apr 2018, 08:56

If you use Dnsmasq then you can add the DNS by adding:

Code: Select all

server=1.1.1.1
server=1.0.0.1

to /etc/dnsmasq.conf
Remember to restart the service:

Code: Select all

sudo systemctl restart dnsmasq


You can check that it works on https://dnsleaktest.com/

(Cloudflare with dnsmasq as cache is really fast)
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

Blackcrack
Posts: 191
Joined: 02 Apr 2013, 08:31

Re: New secure DNS provider

Postby Blackcrack » 14 Apr 2018, 10:54

done :) Thy :smug

User avatar
viking60
Über-Berserk
Posts: 9209
Joined: 14 Mar 2010, 16:34

Re: New secure DNS provider

Postby viking60 » 15 Apr 2018, 10:33

:s
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"


Return to “General News”