New web browsing security tool arrives: DNS over TLS

Net neutrality is on its death bed. With it gone, ISPs will be able to strip-data-mine your every move on the web. There are answers. One is Tenta’s new secure Domain Name System (DNS) resolver, Tenta DNS. This receives and sends the directions to the websites you visit using the secure Transport Layer Security (TLS) protocol.
DNS is the internet’s master phone book. When you type in a website address or click on a link, it turns human-readable domain names into machine-usable IP addresses. If you use your ISP’s DNS server, which is the default, the ISP can watch your every move. Even if you use an ordinary third-party DNS server, such as one of the Google Public DNS servers, 8.8.8.8 or 8.8.4.4, or one of Cisco’s OpenDNS servers, 208.67.222.222 or 208.67.220.220, your DNS requests are still made in the clear and your ISP can see where you’re going.
To conceal what you’re doing on the web, you must encrypt your DNS requests. To lock these down, developers created the Internet Engineering Task Force (IETF) RFC 7858, Specification for DNS over Transport Layer Security. What Tenta has done is to take this internet standard and turn it into real software.
As the company explained in a blog post, “Tenta DNS is a modern, secure DNS alternative that supports both ICANN and OpenNIC roots, DNS over TLS, and DNSSEC (DNS Security Extensions). By initiating a TLS protocol when DNS data is sent from your browser, Tenta DNS closes yet another crack through which your ISP can spy on you.”
The ICANN DNS is one of the world’s 13 DNS root servers. OpenNIC is a set of DNS servers maintained by volunteers to offer users DNS services free of censorship and ISP meddling. OpenNIC is best known for supporting alternative top-level domain names such as Bitcoin’s .bit domains.
Most websites and DNS servers support DNSSEC. DNSSEC is used to protect the integrity of domain name data, so that when your browser asks for a DNS address it gets one from a valid DNS server. It doesn’t, however, encrypt the data it sends you. That’s where DNS over TLS comes in.
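What a DNS over TLS client puts on the wire, as an added example that is not from the article or from Tenta's code: RFC 7858 keeps the ordinary DNS message and its two-octet length prefix from DNS over TCP, and carries them inside a TLS session on port 853. The `server_ip` and `server_name` arguments are assumptions supplied by the caller; `server_name` must match the resolver's certificate.

```python
import secrets
import socket
import ssl
import struct

DOT_PORT = 853  # TCP port RFC 7858 assigns to DNS over TLS

def build_query(name, qtype=1, query_id=None):
    """Encode a one-question DNS query (qtype 1 = A record, class IN)."""
    if query_id is None:
        query_id = secrets.randbits(16)
    # Header: ID, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").encode("ascii").split(b"."):
        if not 1 <= len(label) <= 63:
            raise ValueError("each label must be 1 to 63 bytes")
        qname += bytes([len(label)]) + label
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def frame(message):
    """Add the two-octet length prefix used on DNS stream transports."""
    return struct.pack("!H", len(message)) + message

def unframe(stream):
    """Return the first complete DNS message in a length-prefixed stream."""
    if len(stream) < 2:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) - 2 < length:
        raise ValueError("truncated message")
    return stream[2:2 + length]

def read_exact(sock, count):
    """Read exactly count bytes; TLS records need not align with messages."""
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        data += chunk
    return data

def resolve_over_tls(server_ip, server_name, name, timeout=5.0):
    """Send one query over TLS and return the raw DNS response bytes."""
    context = ssl.create_default_context()  # verifies certificate and hostname
    with socket.create_connection((server_ip, DOT_PORT), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame(build_query(name)))
            (length,) = struct.unpack("!H", read_exact(tls, 2))
            return read_exact(tls, length)
```

An on-path observer of this exchange sees a TLS connection to port 853 on the resolver's address, not the queried name; the resolver itself still sees every query.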
To use DNS over TLS to protect your web browsing, however, your browser must support the IETF RFC 7858 protocol. For now, the only one that does, to my knowledge, is the Tenta Private VPN Browser Beta for Android.
This browser relies in turn on Tenta DNS, which is an open-source project written in Golang that you can contribute to on GitHub. To use the service, for now, you must set up your browser to use Tenta’s DNS nameservers. These are: ICANN’s 99.192.182.200 or 66.244.159.200 and OpenNIC’s 99.192.182.100 or 66.244.159.100.
Other DNS servers are expected to support DNS over TLS soon. As Patrick Nohe, the SSL Store content manager, pointed out, “Adoption depends entirely on the DNS industry. If a server is equipped with SSL/TLS, DNS over TLS is within its capabilities — it’s just a matter of supporting it.”
Programmers, such as those working on the DNS Privacy Project, are also building DNS over TLS implementations.
There is already another protocol, DNSCrypt, which provides some of the protections of DNS over TLS. It’s supported by Cisco on its OpenDNS servers. While far more widely deployed at this time, DNSCrypt isn’t based on an IETF standard. Historically, IETF protocols become the default rules for low-level internet activities.
With this move Tenta is taking DNS over TLS from theory into practice. With ever-growing dangers to internet privacy, I, for one, hope that they prove to be trailblazers for improved internet privacy.