Does Vivaldi browser support IETF 7858 protocol ?
-
Hi,
Does Vivaldi browser need to support IETF 7858 protocol to take advantage of DNS over TLS ?New web browsing security tool arrives: DNS over TLS
http://www.zdnet.com/article/new-web-browsing-security-tool-arrives-dns-over-tls/
[modedit] removed link to non-existing pageDoes a browser has any role to play for users to take advantage of DNS over TLS ?
-
I`m using this one
-
I'n not sure whether browser need to support to take advantage of DNS over TLS.
Does anyone know ? -
Usually the OS provides for DNS resolution. I'm not aware of browsers doing this for themselves...
-
@gwen-dragon said in Does Vivaldi browser support IETF 7858 protocol ?:
@rafale said in Does Vivaldi browser support IETF 7858 protocol ?:
DNS over TLS
No, not implemented yet in Chromium code, so Vivaldi cant use DNS over TLS.
Thanks for clarifying Gwen-Dragon
-
The Yandex-Browser supports DNSCrypt, but IMHO DNS resolution should be done on OS level. https://dnscrypt.org/ has a couple of DNSCrypt clients and proxies.
Stubby: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby is a DNS over TLS resolver for Win/Mac/Linux.
If Google implements encrypted DNS, it will most likely be https://developers.google.com/speed/public-dns/docs/dns-over-https.
-
From that article you link:
Net neutrality is on its death bed. With it gone, ISPs will be able to strip-data-mine your every move on the web. There are answers. One is Tenta's new secure Domain Name System (DNS) resolver, Tenta DNS. This receives and sends the directions to the websites you visit using the secure Transport Layer Security (TLS) protocol.
Perhaps I'm misunderstanding something, but I don't see that this is a complete solution to either the net neutrality or privacy issue (which aren't the same - the former regards ISPs privileging data streams from websites so they have to pay extra, the latter regards legal online privacy protections already rolled back months ago, in the U.S.). Even if an ISP is stopped from reading the initial DNS request, the ISP would still be seeing what IP addresses you're connecting to and could do a reverse IP lookup, or check the requested hostname which is sent unencrypted in HTTPS requests (needed for SNI, for servers hosting sites for multiple domains).
(And of course, any solution that truly hides what sites you visit from your ISP (e.g. a VPN) wouldn't get whitelisted by the ISP into fast lane treatment.)
-
So DNS-TLS protects you from DNS spoofing. I would want my whole system (background services, ssh terminal, VNC connections) to be protected, not only my browser.
So I'd like the OS to provide this service, not the browser.
Isildurs further arguments are valid as well, of course.
-
https://tools.ietf.org/html/rfc7626 describes DNS privacy issues.