funtoo forums
walterw

Unbound with DNSSEC / other providers


I was running unbound in conjunction with DNSSEC to basically ensure that responses aren't tampered with (because it is plaintext, if there is a malicious party in between me and the DNS server, it could modify the response without me knowing).  Now, if I run unbound by itself in this manner, basically, my DNS queries are sent out in the open, plaintext and then unbound will do all of that magic for me, ensuring that the IP address for google.com is indeed what it should be.  Now, not all zones to my knowledge are signed.  Now, if I'm worried about someone seeing what my DNS traffic is, then they're going to be able to see my IP traffic too, so I don't see how much benefit there is to hide my DNS traffic.  Yes, the IP address might be used by many domains, but they might all be fairly closely related.

Now, if I were forwarding DNS queries to another provider, I am basically delegating that responsibility to them and may or may not be able to validate the result.  Is that an accurate assessment?  And, since they may not provide DNSSEC, if the DNS provider isn't offering DoH or DNSCrypt, then I have no guarantee that the IP address returned is accurate?

 
