DNS-over-TLS (RFC 7858) is here, and is supported on UncensoredDNS/CensurFriDNS. Using it will vastly improve your privacy and security by encrypting and authenticating the vulnerable "last mile" between you and your DNS provider.
I will describe the technical details, including the TLS privacy profiles defined in the RFC, server setup (Nginx), client setup (Stubby/getdns), and my considerations regarding anycast key management and the distribution of public key pinning information.
I will also briefly describe what it entails to run an anycast node for UncensoredDNS, in case someone in the audience feels like helping out. Finally, I will discuss crowdfunding possibilities for the project.
- Sunday Aug. 27 14:30 - 15:30