Friendly Reminder to use DNSSEC https://wander.science/projects/dns/dnssec-resolver-test/
>>100123267 cool I literally didn't do anything
>>100123267 Nice try glowie
i have a question i can't get an answer to. I have set up Cloudflare DoT (DNS over TLS encryption) on my router and my firefox has Cloudflare DoH (DNS over HTTPS) on by default. does it override my router settings? do they work together? do i need to turn off the firefox DNS over HTTPS? what's the course of action here?
>>100123348 just look at your browser fingerprint
>>100123348 Does firefox work? Use a leak test and see which dns pops up
>>100123411 >>100123428 i use cloudflare in both cases but my router one uses 1.1.1.2 which also blocks malware. idk how do i know if it works or if i should disable DoH on firefox
>>100123267 Nope. All my records are tiny.
DNSSEC is broken bullshit that adds a new attack vector and as long as the BGP protocols aren't certified it's placebo. HSTS is also bad because it doesn't care if the cert changes.
>>100123524 Yep https://wander.science/talks/20190724_CAstudy.pdf
>pdf yeah i love trojan embedded pdfs
>>100123267I'm not clicking that shit, nigger
>>100123585 https://ieeexplore.ieee.org/document/8806745
>>100123267 just use simplecrypt if ur on winblows, had it off and failed but turned it on and passed https://www.dnscrypt.org/
ok give me a one click solution for it
>>100124398
>>100123445 >idk how do i know if it works Does it connect to the internet? How the fuck else? https://www.dnsleaktest.com/ What does this say?
>>100124413 sorry but I'm not interested in using non-proven, experimental, amateurish software. give me a professional one click solution
>>100124596 no worries. you will get your google chrome professional corporate grade electron app presenting an "ON" button on an animated gradient background and like 5 toggle options soon, on the Microsoft Windows Store for 12$ + tip (minimum requirements 2GB of RAM, 3GB of storage. made with love in bangladesh.)
>>100123267 Mine says "failed" but I'm using a VPN. Is that OK?
>>100123524 DNSSEC with DANE has a lot less vectors than CAs. That's why mail servers use it. Browsers don't because they are in the pocket of big CA. BGP won't break the authentication.
>>100123348 >he gave nsa access to his router to mitm attack him ngmi
>It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality. >not [...] confidentiality. what's the use case
>>100126705 It stops people from replacing your DNS answers with whatever they want.
>>100126737 but it's not encrypted
>>100126786 Correct.
>>100123267 What's that wojak looking meme
built my first website when i was 18 and got freaked out when some russian hackers dns poisoned my shit i couldn't figure out what was going on. how prevalent is this? why didn't cloudflare/namecheap enable this shit on default?
>>100123267 Just use DNSCrypt, using anything other than this or your own DNSSEC resolver in your local network is retarded
>>100126786 For that you use this: >>100129798
>>100124596 -professional -one click solution Pick one. You cannot get both. Anything that pretends to be both is a scam.
>>100126737 >It stops people from replacing your DNS answers with whatever they want. In theory. In practice if the MitM is upstream from the resolving DNS server then DNSSEC is easily stripped. Adding to this many resolving DNS servers soft fail so the end user won't even know something is wrong. Too many admins are afraid of doing validation because DNSSEC is so fragile and can cause loss of revenue. Public key pinning died from the same fate. It still exists but hardly any sites use it.
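Added example, not written by any poster in this thread: what a non-validating client can actually conclude from a resolver's reply, which is the stripping and soft-fail situation the post above describes. The sample replies are constructed, and the `classify`/`build` names and the four labels are assumptions of this example.

```python
import struct

RRSIG = 46  # RR type code for RRSIG (RFC 4034)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label terminates the name
            return off

def classify(msg):
    """What a non-validating stub can conclude from a resolver's reply."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    ad, rcode = bool(flags & 0x0020), flags & 0x000F
    off = 12
    for _ in range(qd):                # skip the question section
        off = skip_name(msg, off) + 4
    has_rrsig = False
    for _ in range(an):                # walk the answer section
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        has_rrsig |= rtype == RRSIG
        off += 10 + rdlen
    if rcode == 2:
        return "servfail"              # how a validating resolver reports bogus data
    if ad:
        return "validated"             # resolver's claim; only as good as the path to it
    if has_rrsig:
        return "signed-unvalidated"    # signatures present, nobody vouched for them
    return "unsigned-or-stripped"      # indistinguishable without local validation

def build(flags, answers):
    """Constructed reply for example.com (test data, not a capture)."""
    q = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(rd)) + rd
                   for t, rd in answers)
    return struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0) + q + rrs

A_RR = (1, bytes([192, 0, 2, 1]))      # A record, documentation address
SIG_RR = (RRSIG, b"\x00" * 24)         # placeholder rdata, not a real signature

if __name__ == "__main__":
    for flags, rrs in [(0x81A0, [A_RR, SIG_RR]), (0x8180, [A_RR, SIG_RR]),
                       (0x8180, [A_RR]), (0x8182, [])]:
        print(hex(flags), classify(build(flags, rrs)))
```

The last label is the point: a reply for a signed zone with the RRSIGs removed looks the same to the client as a reply for a zone that was never signed, unless the client validates the chain itself.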
>>100124596 You're a fucking retard. this is /g/, not /v/.
>>100129900 all they had to do is take the webpki system that exists for https and use it for DNSSEC. the fact they didn't do this is why it's so fucking stupid. WebPKI is memey perhaps, but it seems to just work and the major browsers and outside parties do a good job enforcing "trust."
>>100129900 >>100130561 https://www.grc.com/dns/dns.htm
>>100130715 >GRC why should I take anything written here as meaningful?
>>100130775Do or don't, it's your choice Whining about it just makes you look like a massive faggot