Comments:
You are addressing HALF of the problem: the "question" (request). What about the "reply"? What is the packet configuration of the reply? Does it contain your IP address (in clear) and the IP address of the encrypted url (in clear)? If so, then... you aren't "protected" since your ISP can reverse lookup the DNS contained in the "reply" packet! No?

How does the performance impact look here? DNS under 512 bytes is a UDP query, super fast. Most machines cache the results locally, but resolvers usually don't cache. They may have to take more burden of responding to users' queries by encrypting, decrypting, additional payload etc.
Also I'm not sure if bind daemon supports these protocols as it's widely used.
From India.. thanks 👍

So helpful, much thanks

Very good. Demoing with Wireshark was very useful. Thank you and please keep making videos like this.

Very good video but the background music is annoying

Thanks for the knowledge. So these techniques still need to be supported by the hosters/sites to make it fully encrypted?
I am just wondering if it's really better to send the DNS query via cloud-based providers instead of "trusting/rely" on your ISP. Probably depends on the country and their laws
Still confused if I should use DoH or DoT. I wanna be secure but also want to hide from my ISP.

Thank you for your video. I have a question: what do you think would be faster, DoH or DoT?

Very helpful and makes learning easy. I watched it twice to digest all details well.

Can't connect to internet with my mobile data but with wifi... my browser says DNS is hijacked or polluted, please please help me to fix this issue

Annoying music.

If you are using a VPN, does it matter?

Can zone transfers also be done the same?

Wouldn't encrypting your queries with DOH or DOT also protect you from the DNS provider itself?
I understand that Cloudflare, Nextguard, etc. claim not to keep logs but can they initially see all of our traffic?
Doesn't my provider still know which domains I visit? If the provider has a DNS, the provider knows which IPs belong to which domain. So even if my provider does not see the DNS request, once I load a single package from the IP he will still know that I visited the website with that IP. If the DNS knows which IP belongs to which domain, the opposite should also be possible. So I do not really see how my privacy is protected unless I use a VPN.
PS: Be careful with Google's DNS servers! Google does not really provide that service for free. They will store all the domains you visited forever to send you even more targeted ads.
Nice

Would I solve the problem if I set up a VPN in my Wi-Fi network, and if not, why not? Many thanks! - I'll answer this myself, but would appreciate feedback: the problem arises "outside" my network and the IP address is "visible" over the line as long as no TLS over DNS is configured. The VPN can only prevent someone from breaking into my Wi-Fi, but that does not affect the sending of the IP outside the network, correct?

I like your accent as a non-English native speaker

Thank you

Perfect Content and clear explanation! Kudos to you!
Please make more of these kinds of technical/conceptual videos related to security topics which are a great help for other IT/Network enthusiastic individuals such as myself!
So you recommend ISP DNS or Cloudflare DNS over HTTPS? Great video btw

But doesn't this only hide the URL? Once the URL is resolved to an IP address, isn't that IP address then visible to your ISP, therefore they can still work out exactly what website you are accessing?

How do attackers use the DOH for malicious purposes? Will they use any tool to tunnel the DOH and then apply data exfiltration, or will they exploit the server such as Cloudflare, Mozilla and then apply C2 commands?

An enable button on a web browser does not mean anything has been changed. I doubt Firefox, a company dependent on Google for its existence, can be trusted.

How are these settings turned on?
(Using DNS over WARP)
Very interesting topic! New to your channel!

Thanks, that was a good discussion.

Just post all IP addresses

Really helpful, thanks! :)

Very well explained. Thank you. 🙏🏽

I learnt something new thanks to you.

Wouldn't the purpose be defeated if a company's DNS doesn't support DoH or DoT?

Centralized or De-Centralized, that's the question too :), thanks for the nice video

Awesome content, had been banging my head on such concepts. Request you to explain how to capture the data via Wireshark.

I want to see the configuration you did for stubby.yml file. Could you please share?

Question: Considering Android 9 Pie now incorporates DoT configuration, browsers like Bromite incorporating DoH and DNS providers like Quad9 providing free encrypted options for both... is it possible/beneficial to use both simultaneously...? On Android mobile or tablet devices

So, which one is better to use? DoT or DoH?????

Yes pls more videos on this topic ✌

This channel is very helpful for DevOps.