DNS is at the heart of the network. Without it, we are hopelessly lost. We can't even google for it. It allows us humans to map the network into the human domain and vice-versa. Yet we ignore it as unimportant part of network security fabric and allow individual unnamed corporation to control over 20% the internet lookups, because they are not evil.
This presentation should serve as a quick survey of DNS technologies from basic overview of how DNS works, to DoT, DoH, and DNScrypt. Finally we cover DNSSEC and reasons we should stop ignoring it if we want a trustworthy and resilient infrastructure. Finally we will cover why running your own DNS server should be the first thing you do to secure your own networks.
Fun Fact: pdns-recursor in openSUSE is DNSSEC validating by default for half a decade already
DNS is at the heart of the network. Without it, we are hopelessly lost. We can't even google for it. It allows us humans to map the network into the human domain and vice-versa. Yet we ignore it as unimportant part of network security fabric and allow individual unnamed corporation to control over 20% the internet lookups, because they are not evil.
This presentation should serve as a quick survey of DNS technologies from basic overview of how DNS works, to DoT, DoH, and DNScrypt. Finally we cover DNSSEC and reasons we should stop ignoring it if we want a trustworthy and resilient infrastructure. Finally we will cover why running your own DNS server should be the first thing you do to secure your own networks.
Fun Fact: pdns-recursor in openSUSE is DNSSEC validating by default for half a decade already