/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integration of DNSSEC #2344

Open
rugk opened this Issue Sep 29, 2016 · 4 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Far in the future
3 participants
@rugk @andrewdavidwong @adrelanos
@rugk

rugk commented Sep 29, 2016

A DNSSEC verification by default would be a nice thing to have.

Also some DNSCrypt servers (see #2341) offer DNSSEC. Of course, however, if you trust the DNSCrypt server enough, you do not have to verify DNSSEC, but yeah I know... Qubes OS trust's nobody. 😄
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Sep 30, 2016

Member

Which Qubes component(s) are you proposing that DNSSEC be implemented in?
Member

andrewdavidwong commented Sep 30, 2016

Which Qubes component(s) are you proposing that DNSSEC be implemented in?
@rugk

This comment has been minimized.

Show comment
Hide comment
@rugk

rugk Sep 30, 2016

The local DNS resolver if there is already one...

Basically the aim is that all applications use a local DNS server (You know, never trust something outside of the device) and that this DNS resolver uses DNSSEC to verify the DNS responses.

As said this is best combined with #2341.

rugk commented Sep 30, 2016

The local DNS resolver if there is already one...

Basically the aim is that all applications use a local DNS server (You know, never trust something outside of the device) and that this DNS resolver uses DNSSEC to verify the DNS responses.

As said this is best combined with #2341.

@andrewdavidwong andrewdavidwong added enhancement C: other help wanted labels Oct 1, 2016

@andrewdavidwong andrewdavidwong added this to the Far in the future milestone Oct 1, 2016

@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Oct 1, 2016

Member

https://wiki.debian.org/DNSSEC

On Debian DNSSEC can be made to work by installing dnssec-trigger. But I don't know what it actually does. If it uses the user's ISP DNS server and just enables DNSSEC or uses some alternative DNS server.
Member

adrelanos commented Oct 1, 2016

https://wiki.debian.org/DNSSEC

On Debian DNSSEC can be made to work by installing dnssec-trigger. But I don't know what it actually does. If it uses the user's ISP DNS server and just enables DNSSEC or uses some alternative DNS server.
@rugk

This comment has been minimized.

Show comment
Hide comment
@rugk

rugk Oct 2, 2016

I think the dns server should/is not be changed automatically.

rugk commented Oct 2, 2016

I think the dns server should/is not be changed automatically.

@whohoho whohoho referenced this issue Apr 3, 2018

Open

integration of dns over tls #3782

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment