Why DNS encryption is not the norm?

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.

  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

J

joet12345

Guest
Not sure why?

But I think every ISP does a "man in the middle attack" when you type a wrong word in the address bar and gives you an advert...

for example:

AT&T has this hard coded in their routers:

domain attlocal.net

this is their server listening to your DNS requests

Bypassing this DNS in the middle removes this... in resolv.conf using linux...not sure in windows tho...
 
If my ISP would not have honoured Non-Existent Domain (NXDOMAIN) responses, I would have changed them immediately; for me, any ISP that does that does not deserve my money.

DNS traffic security is a fairly recent change to the specification. Very few DNS recursors support it right now, and while the number is going up, it will still take some time. It took us about 25 years and a quasi-monopoly (Alphabet) before making HTTP over TLS as the default document transfer protocol, instead of HTTP, on the Internet.

Regarding “attlocal.net” DNS search domain, you can remove it in your DHCP Server settings (local DNS resolution might break), or always use the Fully Qualified Domain Name (FQDN) which includes a period at the end of the name, as such: forums.grc.com.
Using the FQDN tells your recursor that you want the precise name and not to search for alternatives if it receives an NXDOMAIN.
Note: forums.grc.com is not a FQDN, whereas forums.grc.com. is.
 
I have lived in many places and Internet Service Providers buy "areas" not sure how else to put it. For example, in one area only comcast is allowed and no other... while in another area only AT&T is allowed. So you are forced to use one regardless if you don't like their "practices"...

I am learning how to do DNS encryption just recently. I am surprised there are many companies now enforcing that I think even firefox has that built in their browsers....but I don't use firefox.

Windows 10 has now transformed into a very heavy intrusive operating system...I have tried to disable many intrusive services to no win...the operating system lies to you. For example, I disable the antivirus automatic scanning but yet it is working in the background testing every app I use. If I disable more things to get it to bare bones, the OS goes in to panic mode and halts many things. I gave up on windows just recently...

on linux, you are back again to be in control over the operating system. No hard coded built in admin to the OS...you can brake it easy and do whatever you please...
 
The "areas" are divided into two slots, cable and DSL, so the examples you gave, AT&T and Comcast can't block each other. I think AT&T's Time Warner purchase did put AT&T into both slots in some places however.
 
You must log in or register to reply here.

Similar threads

Duckpaddle
CoPilot is not the only AI M$ is running.
Replies
0
Views
178
Security
Duckpaddle
Duckpaddle
G
  • Contains 1 staff post(s)
Why port scanner does not detect that my port 443 is open?
Replies
6
Views
628
Security
JimB
J
gvlx
Why the National Vulnerability Database is lacking quality
Replies
0
Views
297
Security
gvlx
gvlx
Duckpaddle
This is why I never connect my TV directly to the Internet
Replies
5
Views
695
Security
SeanBZA
S
J
grc.com not really save
Replies
3
Views
580
Security
PHolder
P
Top Bottom
Back