DNS over TLS: Difference between revisions

Content deleted Content added

Inline

Revision as of 06:31, 19 July 2018

DNS over TLS is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks.

DNS over TLS is covered by two Standards Track IETF RFCs: RFC 7858 and RFC 8310.^[1]^[2] As of 2018^[update], Cloudflare, Quad9 and CleanBrowsing are providing public DNS resolver services via DNS over TLS.^[3]^[4]^[5]^[6] In April 2018, Google announced that Android P will include support for DNS over TLS.^[7] DNSDist, from PowerDNS also announced support for DNS over TLS on its latest version 1.3.0.^[8]. BIND users can also provide DNS over TLS by proxying it through stunnel.^[9] Technitium DNS Server has announced support for DNS over TLS in latest version 1.0^[10].

DNS over TLS - Public DNS Servers

DNS over TLS server implementations are already available for free by some public DNS providers^[6]. Three implementations are offering production services:

Provider	IPs	Blocking	Features
Cloudflare	1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001	No	DNS over TLS at port 853. ^[11], DNSSEC validation
Quad9	9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9	Malicious domains	DNS over TLS at port 853^[12], DNSSEC validation
CleanBrowsing	185.228.168.168 185.228.168.169 2a0d:2a00:1:: 2a0d:2a00:2::	Adult content.	DNS over TLS at port 853^[13], DNSSEC validation

References

^ Duane, Wessels; John, Heidemann; Liang, Zhu; Allison, Mankin; Paul, Hoffman. "Specification for DNS over Transport Layer Security (TLS)". tools.ietf.org. Retrieved 2018-04-08.
^ Tirumaleswar, Reddy; Daniel, Gillmor; Sara, Dickinson. "Usage Profiles for DNS over TLS and DNS over DTLS". tools.ietf.org. Retrieved 2018-04-09. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
^ "How to keep your ISP's nose out of your browser history with encrypted DNS". Ars Technica. Retrieved 2018-04-08.
^ "DNS over TLS - Cloudflare Resolver". developers.cloudflare.com. Retrieved 2018-04-08.
^ "Quad9, a Public DNS Resolver - with Security". RIPE Labs. Retrieved 2018-04-08.
^ ^a ^b "Troubleshooting DNS over TLS".
^ "DNS over TLS support in Android P Developer Preview". Google Security Blog. April 17, 2018.
^ dnsdist.org https://dnsdist.org/guides/dns-over-tls.html. Retrieved 25 April 2018. {{cite web}}: Missing or empty |title= (help)
^ "Bind - DNS over TLS".
^ "Configuring DNS Server For Privacy & Security". blog.technitium.com. Retrieved 2018-07-19.
^ "CloudFlare - DNS over TLS".
^ "Quad9 - DNS over TLS".
^ "CleanBrowsing - DNS over TLS".

This Internet-related article is a stub. You can help Wikipedia by expanding it.

[1] Duane, Wessels; John, Heidemann; Liang, Zhu; Allison, Mankin; Paul, Hoffman. "Specification for DNS over Transport Layer Security (TLS)". tools.ietf.org. Retrieved 2018-04-08.

[2] Tirumaleswar, Reddy; Daniel, Gillmor; Sara, Dickinson. "Usage Profiles for DNS over TLS and DNS over DTLS". tools.ietf.org. Retrieved 2018-04-09. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)

[3] "How to keep your ISP's nose out of your browser history with encrypted DNS". Ars Technica. Retrieved 2018-04-08.

[4] "DNS over TLS - Cloudflare Resolver". developers.cloudflare.com. Retrieved 2018-04-08.

[5] "Quad9, a Public DNS Resolver - with Security". RIPE Labs. Retrieved 2018-04-08.

[troubleshoot-dnsovertls-6] "Troubleshooting DNS over TLS".

[7] "DNS over TLS support in Android P Developer Preview". Google Security Blog. April 17, 2018.

[DNSDist_DNS_over_TLS-8] dnsdist.org https://dnsdist.org/guides/dns-over-tls.html. Retrieved 25 April 2018. {{cite web}}: Missing or empty |title= (help)

[9] "Bind - DNS over TLS".

[10] "Configuring DNS Server For Privacy & Security". blog.technitium.com. Retrieved 2018-07-19.

[11] "CloudFlare - DNS over TLS".

[12] "Quad9 - DNS over TLS".

[13] "CleanBrowsing - DNS over TLS".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

@@ Line 4: / Line 4: @@
 DNS over TLS is covered by two Standards Track [[IETF RFC]]s: {{IETF RFC|7858}} and {{IETF RFC|8310}}.<ref>{{Cite web|url=https://tools.ietf.org/html/rfc7858|title=Specification for DNS over Transport Layer Security (TLS)|last=Duane|first=Wessels|last2=John|first2=Heidemann|website=tools.ietf.org|language=en|access-date=2018-04-08|last3=Liang|first3=Zhu|last4=Allison|first4=Mankin|last5=Paul|first5=Hoffman}}</ref><ref>{{Cite web|url=https://tools.ietf.org/html/rfc8310|title=Usage Profiles for DNS over TLS and DNS over DTLS|last=Tirumaleswar|first=Reddy|last2=Daniel|first2=Gillmor|date=|website=tools.ietf.org|language=en|archive-url=|archive-date=|dead-url=|access-date=2018-04-09|last3=Sara|first3=Dickinson}}</ref> {{As of|2018}}, [[Cloudflare]], [[Quad9]] and '''CleanBrowsing''' are providing [[public DNS resolver]] services via DNS over TLS.<ref>{{Cite news|url=https://arstechnica.com/information-technology/2018/04/how-to-keep-your-isps-nose-out-of-your-browser-history-with-encrypted-dns/|title=How to keep your ISP’s nose out of your browser history with encrypted DNS|work=Ars Technica|access-date=2018-04-08|language=en-us}}</ref><ref>{{Cite web|url=https://developers.cloudflare.com/1.1.1.1/dns-over-tls/|title=DNS over TLS - Cloudflare Resolver|website=developers.cloudflare.com|language=en|access-date=2018-04-08}}</ref><ref>{{Cite web|url=https://labs.ripe.net/Members/stephane_bortzmeyer/quad9-a-public-dns-resolver-with-security|title=Quad9, a Public DNS Resolver - with Security|website=RIPE Labs|access-date=2018-04-08}}</ref><ref name="troubleshoot-dnsovertls">{{cite web|title=Troubleshooting DNS over TLS|url=https://medium.com/@nykolas.z/troubleshooting-dns-over-tls-e7ca570b6337}}</ref>
 In April 2018, Google announced that [[Android P]] will include support for DNS over TLS.<ref>{{cite web |title=DNS over TLS support in Android P Developer Preview
-|date=April 17, 2018 |work=Google Security Blog |url=https://security.googleblog.com/2018/04/dns-over-tls-support-in-android-p.html }}</ref> '''DNSDist''', from [[PowerDNS]] also announced support for DNS over TLS on its latest version 1.3.0.<ref name="DNSDist DNS over TLS">{{cite web|url=https://dnsdist.org/guides/dns-over-tls.html|website=dnsdist.org|accessdate=25 April 2018}}</ref>. '''[[BIND]] users''' can also provide DNS over TLS by proxying it through stunnel.<ref>{{cite web|title=Bind - DNS over TLS|url=https://kb.isc.org/article/AA-01386/0/DNS-over-TLS.html}}</ref>
+|date=April 17, 2018 |work=Google Security Blog |url=https://security.googleblog.com/2018/04/dns-over-tls-support-in-android-p.html }}</ref> '''DNSDist''', from [[PowerDNS]] also announced support for DNS over TLS on its latest version 1.3.0.<ref name="DNSDist DNS over TLS">{{cite web|url=https://dnsdist.org/guides/dns-over-tls.html|website=dnsdist.org|accessdate=25 April 2018}}</ref>. '''[[BIND]] users''' can also provide DNS over TLS by proxying it through stunnel.<ref>{{cite web|title=Bind - DNS over TLS|url=https://kb.isc.org/article/AA-01386/0/DNS-over-TLS.html}}</ref> Technitium DNS Server has announced support for DNS over TLS in latest version 1.0<ref>{{Cite web|url=https://blog.technitium.com/2018/06/configuring-dns-server-for-privacy.html|title=Configuring DNS Server For Privacy & Security|website=blog.technitium.com|language=en|access-date=2018-07-19}}</ref>.
 == DNS over TLS - Public DNS Servers ==

Internet security protocols
Key management
Kerberos RPKI PKIX Web of trust X.509 XKMS
Application layer
DKIM DMARC HTTPS PGP Sender ID SPF S/MIME SSH TLS/SSL
Domain Name System
DANE DNSSEC DNS over HTTPS DNS over TLS CAA
Internet Layer
IKE IPsec L2TP OpenVPN PPTP WireGuard
v t e

Revision as of 06:31, 19 July 2018

DNS over TLS - Public DNS Servers

See also

References