  • Linux

    Which DNS server to use?

    DNS is a crucial part of the Internet. However, DNS traffic is usually not encrypted and can leak a lot of interesting information. Originally, DNS also did not provide data integrity, making it vulnerable to DNS spoofing. These days, improvements are being made to fix these problems. Data integrity is provided by DNSSEC, and the privacy part is being tackled by the DNS Privacy project, which proposes solutions like DNS-over-TLS (all data between resolver and client is encrypted) and QNAME minimisation (not sending the FQDN but only the relevant part to each DNS server when doing recursive resolving). More information about the DNS Privacy project can be found in this Fosdem…

  • Linux

    Secure and private DNS with Knot Resolver

    Knot Resolver is a modern, feature-rich recursive DNS server. It is used by Cloudflare for its 1.1.1.1 public DNS service. In this article I will show how to install and configure Knot Resolver on Debian and how you can set it up to forward requests over TLS (for example to Quad9 or Cloudflare) and use an RPZ file to filter malicious domains.

  • Uncategorized

    “The Great Firewall of Belgium” active

    As of today, Belgium has its own version of “The Great Firewall of China”. The biggest Belgian ISPs are blocking access to several web sites, often related to child porn. The idea had already existed for several months, but the implementation was probably accelerated after a Dutch guy recently created a website where he posted detailed personal information about child abusers in Belgium. While publishing such detailed private information is forbidden in Belgium, it was very difficult to take real action against the website, because it operated from abroad. So now this website is no longer accessible from most Belgian ISPs. People who try to access this website get redirected to…