Secure name resolution with DNS-over-TLS

What's the Name?

© Photo by Ainur Iman on Unsplash

© Photo by Ainur Iman on Unsplash

Article from Issue 277/2023
Author(s):

Ordinary DNS sends queries in plaintext. If you're looking for something safer, dial up the privacy with DNS-over-TLS.

In the constantly shifting terrain of network security and administration, the demand for robust privacy measures is at an all-time high. Modern organizations navigate a complex digital ecosystem, often grappling with threats that compromise the integrity of their data and communications. Enter Linux's advanced networking capabilities paired with the security fortifications of DNS-over-TLS – a fusion that promises heightened security levels. This article examines how this integration elevates network privacy, enhancing protection against potential cyberthreats while maintaining seamless communication flows in intricate digital landscapes.

The Problem

At its core, the Domain Name System (DNS) acts as the Internet's directory. Every time a user inputs a domain name into their browser, DNS is the mechanism that translates this human-readable address into a machine-recognizable IP address. For IT professionals, this is Networking 101. Every web application, every cloud service, and every remote server connection hinges on the reliable functioning of DNS.

However, a key flaw permeates traditional DNS. The process, which involves converting domain names into IP addresses, operates in plaintext. The absence of encryption exposes a significant vulnerability, as plaintext communication can be intercepted, viewed, or even manipulated by malicious actors.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Portmaster

    Security and anonymization play an increasingly important role on the Internet due to the endless appetite of Internet companies for personal data. Portmaster and the Safing Privacy Network will help you protect your privacy – even if you're not a security expert.

    more »
  • Unbound DNS Resolver

    The Unbound DNS resolver offers comprehensive security and many other useful features.

    more »
  • systemd-networkd

    The new networkd component of the systemd project supports basic network configuration. Despite its early stage of development, one thing is clear: This is a daemon with brains.

    more »
  • Off-Grid File Sharing

    A battery-powered WiFi hotspot can provide useful services like file sharing even when you're off the grid. A Pi Zero 2 W as the hotspot with ownCloud installed does the trick.

    more »
  • systemd Tips

    Sure, you've heard about systemd, which is rapidly replacing the old System V init system as the go-to service management daemon for the Linux world. But what can you do with systemd really? We'll show you some tricks for improving security, managing processes, and analyzing boot times with systemd.

    more »
comments powered by Disqus