hello friends! new(ish)!
DNS: Difference between revisions
Jump to navigation
Jump to search
>Galactus mNo edit summary |
>Galactus |
||
Line 14: | Line 14: | ||
* DNS can be used for Man in the Middle attacks. | * DNS can be used for Man in the Middle attacks. | ||
: If an attacker controls your DNS (e.g. poisoned WiFi), they can redirect your requests to malicious servers. HTTPS with valid certificates can protect against this, but tech illiterate users generally click through security warnings | : If an attacker controls your DNS (e.g. poisoned WiFi), they can redirect your requests to malicious servers. HTTPS with valid certificates, DNSCrypt and servers that support the DNSSEC spec can protect against this, but tech illiterate users generally click through the security warnings. | ||
== Securing DNS == | == Securing DNS == | ||
Main Article: [[Anonymising_Yourself#DNS | Anonymising Yourself | DNS]] | Main Article: [[Anonymising_Yourself#DNS | Anonymising Yourself | DNS]] |
Revision as of 05:51, 5 March 2016
Domain Name Systems convert domain names (e.g. wiki.installgentoo.com) into ip addresses (e.g. 176.9.127.115). By default, you're probably using your ISP's DNS.
Alternative DNS Servers
If you're unhappy with your ISP's DNS services, consider the following:
- OpenNIC
- The OpenNIC Project relies on volunteers to provide censorship free DNS servers.
Problems with DNS
- DNS can be used for censorship.
- The DNS owner can redirect any domain name to any IP address. This can happen due to siteblocking legislation (e.g. U.K.) or totalitarian governments (e.g. Arab Spring).
- DNS is the simplest way to block a website from a tech illiterate user, and also the easiest site blocking method to circumvent.
- DNS can be used for Man in the Middle attacks.
- If an attacker controls your DNS (e.g. poisoned WiFi), they can redirect your requests to malicious servers. HTTPS with valid certificates, DNSCrypt and servers that support the DNSSEC spec can protect against this, but tech illiterate users generally click through the security warnings.
Securing DNS
Main Article: Anonymising Yourself | DNS