DNS Privacy: DNS-over-TLS (Stubby)

st3fx · March 14, 2019, 10:57am

Problem:
"The DNS is one of the most significant leaks of data about an individuals activity on the Internet...Note that even when using a VPN some VPNs will still leak your DNS queries by sending them unencrypted to your ISP." http://dnsprivacy.org/the_problem/

Solution:
"DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks." DNS over TLS - Wikipedia

Stubby (DNS Privacy Daemon):
"'Stubby' is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy." http://dnsprivacy.org/dns_privacy_daemon_-_stubby/

More info:

KentE · March 14, 2019, 3:24pm

(Much to my dismay, I feel like the dog in the "what your dog hears" cartoon...... I know it's important..... )

st3fx · March 14, 2019, 7:50pm

DNS is used to translate domain/host names to IP addresses. The takeaway is that DNS-TLS is much more secure than standard DNS. Hopefully soon there will be native support for DNS-TLS on all platforms so additional software will not be required.