Today I want to explore DNS over TLS using the unbound package for Linux to see if I can get 1) DNSSEC working and 2) DNS over TLS working. I will be using Ubuntu 20.10 Server for this. I go over some of the problems DNS (Bind9) left in its wake and some of the solutions we tried to get DNS queries to work encrypted. There are a couple of choices today for this: DNS over TLS, DNS over HTTPS and DNSCurve. I am trying to avoid some of the discussion around which of these is the best, because quite frankly none of them are. What it boils down to is a question of privacy and a question of trust. So for me today I want to see if I can begin moving my DNS service from Bind9 to something like unbound (if that is even possible). So let's get started, dive in and see if we can get this working.
I don't mean to beat up on VLANs; they are absolutely great tools for network management, but they are not useful for protecting two different network segments which are at different security levels.
Root Hints file:
sudo wget https://www.internic.net/domain/named.root -O /etc/unbound/root.hints