[Nottingham] Dnscrypt: bleeding edge privacy - HowTo

Martin martin at ml1.co.uk
Mon May 28 21:46:08 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 28/05/12 18:46, Mike Cardwell wrote:
> On 28/05/12 18:21, Martin wrote:
>> Folks,
> 
>> There is:
> 
>> Dnscrypt: bleeding edge privacy - HowTo 
>> http://forum.mandriva.com/en/viewtopic.php?f=86&t=137598
> 
>> ... which relies upon OpenDns: http://www.opendns.com/


> The problem with DNSCrypt is that nobody uses it. Except for
> OpenDNS. And it doesn't guarantee you that you're getting the
> correct results either. It only guarantees you that you're getting
> the results that OpenDNS wants you to get.
> 
> DNSSEC on the other hand guarantees you that you're getting the 
> results that the person managing the DNS for a domain, wanted you
> to receive. DNSSEC is much more widely adopted (although adoption
> is
[---]


Thanks for that, and for the good summary.


So... Once again I've tried DNSSEC using Bind9 and...

No go with the normal VirginMedia DNS servers :-(

Largely good results but slow with the Google open DNS servers.
Curiously, there's very long delays for everything to resolve for the
virginmedia.com website!

Your own domain example works fine and fast via the Google DNS using
DNSSEC.


So... Is anything special needed to run DNSSEC through the VirginMedia
DNS servers?

Any other (faster?) alternatives than the Google open DNS?


Cheers,
Martin

- -- 
- - ------------------ - ----------------------------------------
- -    Martin Lomas    - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- - martin @ ml1 co uk - Import from   hkp://subkeys.pgp.net   or
- - ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/D8kYACgkQ+sI3Ds7h07fYJgCeIRQel4nOR+UdVkf6sT4LLGb2
G5sAmgMCcCC/uy6V0QEP/gkQfdaLFa2T
=eNKH
-----END PGP SIGNATURE-----



More information about the Nottingham mailing list