惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Vulnerabilities – Threatpost
U
Unit 42
F
Fortinet All Blogs
aimingoo的专栏
aimingoo的专栏
P
Proofpoint News Feed
F
Full Disclosure
月光博客
月光博客
Engineering at Meta
Engineering at Meta
博客园_首页
The Register - Security
The Register - Security
G
Google Developers Blog
The Cloudflare Blog
博客园 - Franky
K
Kaspersky official blog
A
Arctic Wolf
Scott Helme
Scott Helme
C
Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
C
Check Point Blog
NISL@THU
NISL@THU
AI
AI
D
DataBreaches.Net
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Stack Overflow Blog
Stack Overflow Blog
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
量子位
Vercel News
Vercel News
T
Tor Project blog
P
Privacy International News Feed
D
Docker
I
Intezer
L
LangChain Blog
P
Proofpoint News Feed
Security Latest
Security Latest
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
博客园 - 聂微东
AWS News Blog
AWS News Blog
Martin Fowler
Martin Fowler
P
Privacy & Cybersecurity Law Blog
V
V2EX
Last Week in AI
Last Week in AI
C
Cybersecurity and Infrastructure Security Agency CISA
The Hacker News
The Hacker News
T
Tenable Blog
Blog — PlanetScale
Blog — PlanetScale
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tailwind CSS Blog

DNS on CoreDNS: DNS and Service Discovery

kubeforward Cluster DNS: CoreDNS vs Kube-DNS Scaling CoreDNS in Kubernetes Clusters Migration from kube-dns to CoreDNS Deploying Kubernetes with CoreDNS using kubeadm Setting up CoreDNS (on AWS) A first look at CoreDNS How Queries Are Processed in CoreDNS Custom DNS Entries For Kubernetes CoreDNS for Minikube
DNS over HTTPS
miek · 2016-11-27 · via DNS on CoreDNS: DNS and Service Discovery

Note this requires the proxy plugin which has been deprecated.

Since almost a year Google has a DNS service that can be queried over HTTPS: https://dns.google.com. This means your queries are encrypted and can only be seen by you (and Google(!)). Seeing all the press about the UK’s snooper’s charter I though I should implement this as a plugin in CoreDNS.

I’m (obviously) going to use this myself; which is perfect as it protects me and it allows me to dog food CoreDNS as a DNS proxy in my home network.

A note worthy other implementation is “dingo”: https://github.com/pforemski/dingo.

Also note that this a different protocol than “DNS over TLS” which has similar goals and is being standardized by the IETF.

Currently you’ll need to compile CoreDNS from source to play with this or wait until CoreDNS-004 is released.

The configuration on the CoreDNS side is pretty straight forward. The following Corefile is all you’ll need:

. {
    proxy . 8.8.8.8 {
        protocol https_google
    }
    cache
    log
    errors
}

Next start CoreDNS, and query it.

% ./coredns
.:53
2016/11/26 17:11:07 [INFO] CoreDNS-003
CoreDNS-003
::1 - [26/Nov/2016:17:13:10 +0000] "MX IN miek.nl. udp false 4096" NOERROR 246 149.791162ms
::1 - [26/Nov/2016:17:13:11 +0000] "MX IN miek.nl. udp false 4096" NOERROR 170 156.432µs

The only unencrypted DNS used is from your laptop/phone/computer to CoreDNS, the rest is encrypted.

By default, dns.google.com will be re-resolved every 30 seconds using 8.8.8.8 and 8.8.4.4 (you can override these defaults). This is the only query not encrypted, but this will probably lead to a very boring browser history.

Next, I need to configure a Raspberry Pi and install CoreDNS on it. And as with all CoreDNS developments feedback is welcome.