Fernando Gont – Internet Society

DNS Privacy Frequently Asked Questions (FAQ)

Fernando Gont — Fri, 15 Mar 2019 14:00:51 +0000

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions, and mentioned some of the protocols that have been recently developed to improve user privacy. To complement this, we are publishing our DNS Privacy Frequently Asked Questions (FAQ). This highlights and provides answers to the most important aspects […]

The post DNS Privacy Frequently Asked Questions (FAQ) appeared first on Internet Society.

Introduction to DNS Privacy

Fernando Gont — Thu, 14 Mar 2019 02:00:45 +0000

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map a human-friendly domain name to a set of IP addresses that can be used to deliver packets over the Internet. DNS transactions can therefore be correlated to the applications we use, the websites we visit, and […]

The post Introduction to DNS Privacy appeared first on Internet Society.

IPv6 Security for IPv4 Engineers

Fernando Gont — Wed, 13 Mar 2019 02:00:57 +0000

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a different protocol! But we think years of IPv4 operational experience should be leveraged as much as possible. So we are publishing IPv6 Security for IPv4 Engineers as a roadmap to IPv6 security that is specifically aimed at IPv4 engineers […]

The post IPv6 Security for IPv4 Engineers appeared first on Internet Society.

IPv6 Security Frequently Asked Questions (FAQ)

Fernando Gont — Tue, 12 Mar 2019 01:00:24 +0000

The Internet Society recognises that global deployment of the IPv6 protocol is paramount to accommodating the growth of the Internet. Given the scale at which IPv6 must be deployed, it is also important that the possible security implications of IPv6 are well understood and considered during the design and deployment of IPv6 networks, rather than […]

The post IPv6 Security Frequently Asked Questions (FAQ) appeared first on Internet Society.

How IPv6 SLAAC Responds to Renumbering Events

Fernando Gont — Mon, 11 Mar 2019 02:00:41 +0000

If you follow the IPv6 Maintenance (6man) Working Group of the Internet Engineering Task Force (IETF), you may have noticed the 300+ message email thread on an Internet Draft that was recently published on the “Reaction of Stateless Address Autoconfiguration (SLAAC) to Renumbering Events”. This was prompted by the experiences of developing Best Current Operational Practice on IPv6 prefix […]

The post How IPv6 SLAAC Responds to Renumbering Events appeared first on Internet Society.

DNS-over-TLS in Linux (systemd)

Kevin Meynell — Fri, 28 Dec 2018 01:00:51 +0000

Whilst we were putting together some content about DNS privacy recently, we learned that recent distributions of Linux ship with support for making DNS queries over TLS. We therefore decided to give Ubuntu 18.10 a try on a laptop. More recent versions of Ubuntu employ a special service for name resolution called ‘system-resolved.service(8)’. The configuration file […]

The post DNS-over-TLS in Linux (systemd) appeared first on Internet Society.

DNS-over-HTTPS (DoH) Support in Mozilla Firefox

Kevin Meynell — Wed, 26 Dec 2018 01:00:51 +0000

Recent releases of Firefox have introduced the concept of DNS privacy under the name “Trusted Recursive Resolver”. Although Firefox ships with DNS-over-HTTPS (DoH) disabled by default, there has been some discussion within the Mozilla developer community about changing the default to “enabled”. Although DoH is somewhat controversial because it moves control plane (signalling) messages to the […]

The post DNS-over-HTTPS (DoH) Support in Mozilla Firefox appeared first on Internet Society.