OpenNIC, DNSCrypt and DNSSEC

Discuss securing DNS servers and threats/attacks.
Simon
Posts: 2
Joined: Fri Jul 21, 2017 10:29 am

OpenNIC, DNSCrypt and DNSSEC

Postby Simon » Fri Jul 21, 2017 11:33 am

Hi all,
Lately I have been looking and securing my DNS requests by means of DNSCrypt and DNSSEC and would have a few questions/remarks

DNSCrypt
According to its Wikipedia page

In addition to private deployments, the DNSCrypt protocol has been adopted by several public DNS resolvers, the vast majority being members of the OpenNIC network, as well as virtual private network (VPN) services.


Yet, on what seem to serve as central repository listing DNSCrypt enabled resolver https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv, I was surprised to find only 3 entries (ipv4), two being Fusl anycast servers and one from TurmaBox.

Is that correct? OpenNIC does have extra DNSCrypt servers, doesn't it?
Side remark, Fusl server (OpenNIC in general) do (should) resolve .bit domains while listed as not

DNSSEC
I could not find any OpenNIC servers being DNSSEC aware, will the be implemented at some point in time?

verax
Site Admin
Posts: 30
Joined: Mon Jan 18, 2016 3:16 am

Re: OpenNIC, DNSCrypt and DNSSEC

Postby verax » Wed Jan 03, 2018 3:42 am

The OpenNIC servers list shows which servers support DNSCrypt: (yellow flag)
https://servers.opennicproject.org/

Any DNS server that has been updated in the last 5 years is DNSSEC _aware_, but DNSSEC validating is a different story. Currently I'm not aware of anywhere that lists ones that do validation, if any even do.


Return to “Security”

Who is online

Users browsing this forum: No registered users and 0 guests