Thanks! Yes, I meant for my computers, not hosted DNS.

On Mon, Feb 13, 2012 at 4:44 PM, Michael Potts <[email protected]> wrote:

> I assume you are talking about DNS for your computers, not hosted DNS
> (like a nameserver for your domain).
> I rely on OpenDNS almost exclusively with the occasional failover to
> Google's DNS when I need to do some testing.
>
> OpenDNS has some great features when you create an account.
>
> On even a medium-bandwidth connection, I have basically stopped using a
> local DNS server (aka BIND on a router or something). I have the DHCP
> server pass OpenDNS to the machines and go from there.
>
> Got a Mac? They have DNS over (a protocol like) SSL to prevent MitM
> attacks on DNS: https://www.opendns.com/technology/dnscrypt/
>
>  *4. Is this using SSL? What's the crypto and what's the design?*
>>
>> We are not using SSL.  While we make the analogy that DNSCrypt is like
>> SSL in that it wraps all DNS traffic with encryption the same way SSL wraps
>> all HTTP traffic, it's not the crypto library being used.  We're using
>> elliptical-curve cryptography, in particular the Curve25519
>> <http://dnscurve.org/crypto.html> elliptical curve.  The design goals are
>> similar to those described in the DNSCurve forwarder
>> <http://dnscurve.org/out-implement.html> design.
>>
>
> For DNS service for my domains, I use my awesome registrar's DNS service (
> http://uf.register4less.com , Link using referral to give credit to the
> awesome webcomic, userfriendly.org)
>
> I have also begun to use CloudFlare.com, as they have some fancy-pants
> features and a fancy new-style AJAX-based control panel. R4L's is basic
> HTML (which I like in most cases).
>
> Michael Potts
> GV: (904) 638-2914 | Gtalk: [email protected]
> @HMHackMaster | http://about.me/MichaelPotts
>
>
>
> On Mon, Feb 13, 2012 at 3:08 PM, inkrypto <[email protected]> wrote:
>
>> What external DNS do you use?  I use comcast, my ISP's, and run a lil
>> webserver but don't want to get spoofed and don't know enough about bind
>> to harden it so . . .
>>
>> OpenDNS?
>>
>
>
