Difference between revisions of "DNS"
(→Problems with DNS) |
(hosting a dns) |
||
Line 3: | Line 3: | ||
== Alternative DNS Servers == | == Alternative DNS Servers == | ||
If you're unhappy with your ISP's DNS services, consider the following: | If you're unhappy with your ISP's DNS services, consider the following: | ||
+ | |||
+ | ; Google DNS | ||
+ | : 8.8.8.8 | ||
+ | : 8.8.4.4 | ||
; OpenNIC | ; OpenNIC | ||
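Review bot: The new "; Google DNS" entry (added lines 10-12) is two bare addresses with no description line, so a reader following "consider the following" has nothing to weigh it by. Suggest adding a one-line ":" description of who operates the service and what it offers before the addresses.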
Line 17: | Line 21: | ||
== Securing DNS == | == Securing DNS == | ||
− | Main Article: [[Anonymising_Yourself#DNS | | + | Main Article: [[Anonymising_Yourself#DNS | Anonymous DNS]] |
+ | |||
+ | = Running a DNS = | ||
+ | While running a publicly available DNS is a bad idea (as with [[NTP]] servers, users will attempt to connect to you for years after you lose interest in hosting), you can easily run a DNS via linux's [http://www.thekelleys.org.uk/dnsmasq/doc.html dnsmasq]. | ||
+ | |||
+ | == Redirect Everything to a Single Server == | ||
+ | Redirecting all domain requests to a single server is easy with dnsmasq. Assuming your server is located at 192.168.1.1: | ||
+ | listen-address=192.168.1.1 | ||
+ | address=/#/192.168.1.1 | ||
+ | This is useful if you're running a [https://piratebox.cc/ PirateBox]esque server, where you only want users to see a single website. | ||
+ | Any HTTPS website the user attempts to connect to will not work (that's HTTPS/CAs/Certs doing their job), but all HTTP servers will be redirected. |
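Review bot: The added "= Running a DNS =" heading is level 1 while every other section in this diff ("== Alternative DNS Servers ==", "== Securing DNS ==") is level 2, and its intended subsection "== Redirect Everything to a Single Server ==" then sits at the same level as those sections. Suggest "== Running a DNS ==" with "=== Redirect Everything to a Single Server ===" beneath it. The two config lines would also be easier to apply if the text said which dnsmasq configuration file they belong in, and "a DNS" reads better as "a DNS server" throughout the new paragraph.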
Revision as of 06:53, 5 March 2016
The Domain Name System (DNS) converts domain names (e.g. wiki.installgentoo.com) into IP addresses (e.g. 176.9.127.115). By default, you're probably using your ISP's DNS servers.
Alternative DNS Servers
If you're unhappy with your ISP's DNS services, consider the following:
- Google DNS
  - 8.8.8.8
  - 8.8.4.4
- OpenNIC
  - The OpenNIC Project relies on volunteers to provide censorship-free DNS servers.
Problems with DNS
- DNS can be used for censorship.
  - Whoever operates a DNS server can redirect any domain name to any IP address. This can happen due to site-blocking legislation (e.g. U.K.) or totalitarian governments (e.g. Arab Spring).
  - DNS is the simplest way to block a website from a tech-illiterate user, and also the easiest site-blocking method to circumvent.
- DNS can be used for Man in the Middle attacks.
  - If an attacker controls your DNS (e.g. poisoned WiFi), they can redirect your requests to malicious servers. HTTPS with valid certificates, DNSCrypt and servers that support the DNSSEC spec can protect against this, but tech-illiterate users generally click through the security warnings.
Securing DNS
Main Article: Anonymous DNS
Running a DNS
While running a publicly available DNS server is a bad idea (as with NTP servers, users will attempt to connect to you for years after you lose interest in hosting), you can easily run a DNS server on Linux with dnsmasq.
Redirect Everything to a Single Server
Redirecting all domain requests to a single server is easy with dnsmasq. Assuming your server is located at 192.168.1.1:
    listen-address=192.168.1.1
    address=/#/192.168.1.1
This is useful if you're running a PirateBox-esque server, where you only want users to see a single website. Any HTTPS website the user attempts to connect to will not work (that's HTTPS/CAs/certs doing their job), but all plain HTTP requests will be redirected to your server.
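Seen from the client side, a resolver that answers every name with one address (this dnsmasq setup, or the poisoned WiFi case under Problems with DNS) can be recognised by asking it for names that must not exist. The check below is an added example, not part of the original wiki page; the function names are made up here, and `catch_all_responder` is a constructed stand-in for such a resolver so the block runs offline.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def first_a_record(query, reply):
    # First A record as a dotted quad, or None (bad id, error rcode, no answer).
    if len(reply) < 12 or reply[:2] != query[:2] or reply[3] & 0x0F:
        return None
    ancount = struct.unpack(">H", reply[6:8])[0]
    pos = len(query)  # the question section is echoed back; answers follow it
    for _ in range(ancount):
        while 0 < reply[pos] < 0xC0:  # skip an uncompressed owner name
            pos += reply[pos] + 1
        pos += 2 if reply[pos] >= 0xC0 else 1  # compression pointer or root label
        rtype, _, _, rdlen = struct.unpack(">HHIH", reply[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            return socket.inet_ntoa(reply[pos:pos + 4])
        pos += rdlen
    return None

def udp_exchange(query, server, timeout=2.0):
    # Real transport: send one query to UDP port 53 of the resolver under test.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(512)[0]

def check_resolver(exchange, probes=4):
    # Random names under .invalid (reserved by RFC 6761) must never resolve.
    hits = set()
    for _ in range(probes):
        query = build_query(secrets.token_hex(8) + ".invalid", secrets.randbelow(65536))
        hits.add(first_a_record(query, exchange(query)))
    addrs = sorted(h for h in hits if h)
    verdict = "ok" if not addrs else "catch-all" if len(hits) == 1 else "synthesized"
    return verdict, addrs

def catch_all_responder(query, ip="192.168.1.1"):
    # Constructed stand-in that answers every name like address=/#/192.168.1.1.
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 0, 4) + socket.inet_aton(ip)
    return query[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0) + query[12:] + answer

if __name__ == "__main__":
    print(check_resolver(catch_all_responder))
```

To test a real resolver, pass `lambda q: udp_exchange(q, server_ip)` with the address your network handed out; a verdict other than "ok" means the resolver is inventing answers.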