How DNS Over HTTPS & DNS Over TLS Help to Prevent DNS Spoofing
- Published 8 Sep 2024
www.imperva.co...
Also worth noting that you can enable DNS over HTTPS in Preferences > Network Settings in Firefox 66.0.3. So not necessary to go into about:config.
Thanks! Didn't notice it's already there
Just came here to say "WHAT IS JEN DOING WITH THE INTERNET!?!?!?!" :D amazing videos as always!!
Since she is the employee of the month, the internet lords have allowed her to use it for her speech 😂😂
Need an outbound firewall rule to prevent IoT hosts and others from overriding DNS settings provided via DHCP.
DNS over TLS or HTTPS, what is faster?
DoT
Can you do a video on how to set this up on the UniFi USG?
Am I correct by assuming that once this gets mainstream - adblocking will be near impossible?
They will still work. The browser still knows everywhere you go. Ad blockers work by looking at the s and injected content to see what host they are from. If the host is on the block list, it will block it. If it didn't block it the browser would then do a DNS request on the host to get the data. That DNS request would be blocked from your ISP's eyes but the browser still knows where it is going.
Incorrect. I use encrypted DNS and even regular browser adblocking extensions can still filter just fine. You can add adblocking filters on some DNS providers, or you can use something like AdGuard that decrypts HTTPS traffic locally so it can filter the ads efficiently.
This Jen is the internet!
On your video for pfblocker you stated for best practice to set up firewall rules to block LAN from being able to use another DNS than the pfSense set DNS. Now using DNS over TLS that uses port 853, would I need to also set up the same firewall rules along with the ones for port 53 if I’m using pfSense DNS Resolver to do DNS over TLS? Or just rules for 853?
I have cloudflare's dns over https setup with cloudflared
What about using a transparent proxy with HTTPS? Then you will be able to log the SNI or also block the connection. I'm using this with pfSense at our school environment to block websites.
I strongly suggest you disable DNS over HTTPS and use a VPN or Tor if you care about privacy or spoof attacks. We should not give Google and Cloudflare complete control of DNS queries.
Using a DNS Address for a DNS Server is moot, a reason why your "DNS Server" is always specified as an IP Address is exactly this. The same thing applies to DNS over HTTPS.
Hey Lauren, can I set up DNS over HTTPS on Android?
DNS over TLS makes sense to prevent spoofing..... DoH adds a lot of overhead and actually results in less privacy as it leaks all the information that is part of the HTTP header (user agent, cookies/session information, etc.).....But it becomes what DNS servers do you end up trusting? Do you really trust CloudFlare or Google or OpenDNS?
As far as doing your own, it's just a https server that looks at the "dns" field in the query string. Could do a bash, PHP, or JS to serve it.
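The request format mentioned in the comment above, as an added example (not part of the original comment or the video): RFC 8484's GET form carries a wire-format DNS query, base64url-encoded without padding, in the `dns` parameter. The sketch builds that URL on the client side, then validates and parses it the way a self-hosted endpoint would have to; `https://doh.example/dns-query` is a placeholder endpoint and the function names are chosen for this example.

```python
import base64
import re
import struct
from urllib.parse import parse_qs, urlsplit

EXAMPLE_ENDPOINT = "https://doh.example/dns-query"  # placeholder, not a real service

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire format: 12-byte header plus one question (class IN)."""
    # ID 0 (RFC 8484 advises it for HTTP caching), RD flag set, QDCOUNT 1.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def to_doh_url(endpoint: str, query: bytes) -> str:
    """Client side: base64url-encode the message and strip '=' padding."""
    param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={param}"

def parse_doh_request(url: str) -> tuple[str, int]:
    """Server side: return (qname, qtype) or raise ValueError."""
    values = parse_qs(urlsplit(url).query).get("dns", [])
    # Exactly one parameter, base64url alphabet only, no padding.
    if len(values) != 1 or not re.fullmatch(r"[A-Za-z0-9_-]+", values[0]):
        raise ValueError("missing or malformed 'dns' parameter")
    param = values[0]
    msg = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("expected a query with exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # compression pointers have no place in a question
            raise ValueError("invalid label length")
        if pos + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype
```

A real endpoint would also answer with the `application/dns-message` media type and forward the parsed question to a resolver; that part is left out here.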
Why not trust CloudFlare, Quad9, Google or OpenDNS?
@LAWRENCESYSTEMS Why not trust Google? Seriously? 😳
What are they going to do with your DNS?
@LAWRENCESYSTEMS What does your ISP do with your DNS? Google's business model is explicitly to monetize every possible piece of information they can. For your ISP, that's at most a side business. Cloudflare makes some pretty strong privacy promises. Personally, I run my own resolver on my pfSense box.
@LAWRENCESYSTEMS What they do with anything else? Collect every single bit of anything they get their hands on? Mind you, I love your videos and your positive personality. You certainly are a great guy. What I never understood was your knack for Google products, though, considering that if there's one thing that doesn't make them money, it's privacy. I get it, some folks don't care. But even considering a company that bases its entire livelihood on collecting and connecting data to *enhance* personal privacy is… a bit rich.
I'm not saying that CloudFlare, Apple et al. won't snoop at all, but at least it's not their entire business model and some of them take an active stance towards privacy, for whatever that's worth (we'll never know for sure of course). But in all honesty, giving Google data for privacy reasons is like handing over your whiskey collection to an alcoholic for safekeeping.
Oh and yeah, that downvote isn't mine lol
DNS over HTTPS and DNS over TLS are 2 different protocols. DoT has been around longer and is supported in pfSense (Tom did a video on it in 2018, ua-cam.com/video/7niY890CEUM/v-deo.html). DoH is newer and seems like more of a workaround.
06:36
every single IT kind of problems ROFL
network.trr.bootstrapAddress...