A free, sovereign and GDPR-compliant recursive DNS resolver with a strong focus on security to protect the citizens and organizations of the European Union.

Blaze@lemmy.zip · 6 days ago

A free, sovereign and GDPR-compliant recursive DNS resolver with a strong focus on security to protect the citizens and organizations of the European Union.

IZZI@lemm.ee · 6 days ago

No, I just don’t understand how a DNS can be secure or not secure

towerful@programming.dev · 6 days ago

You can get a lot of metadata from DNS lookups.

Traditional DNS is just simple UDP. There is no authentication of authority.
There are actually DNS attacks where - if you are intercepting the traffic - you can reply faster than the actual DNS. At which point the client will trust whatever you return as it arrived first.
Indeed, that’s how multiple DNS addresses work. Your computer will yeet a request to all configured DNS. First response gets used.

Also, as it’s unencrypted, anyone that can snoop the traffic can see what domain names you are requesting.

There are a few standards that are working to solve this including DoH (DNS over HTTPS) and DoT (DNS over TLS).

twix@infosec.pub · 6 days ago

You can see a DNS server as a phone book for your computer. Your computer needs to seek a connection to an ip address to display a website for example. But you as a user only knows the url of the website. So your computers asks the dns server which ip address it should go to.