DNS-over-HTTPS Introduction and Implementation


In my most recent post, DNS-over-TLS Introduction and Implementation, I introduced the flaws of the regular DNS query and response protocol and a practical solution to them, the ‘DNS-over-TLS protocol’. However, since its messages are transmitted over the uncommon port 853, public DNS servers implementing the ‘DNS-over-TLS protocol’ are likely to be detected and restricted by filtering TCP traffic on that port.

Thus researchers designed another protocol, ‘DNS-over-HTTPS’, introduced in RFC 8484, which runs on the common port 443. With this protocol, all DNS messages are transmitted as regular HTTP requests and encrypted with SSL/TLS.


DNS-over-TLS Introduction and Implementation


Traditional DNS queries and responses are sent over UDP and TCP without any encryption. Thus, this protocol is vulnerable to privacy tracking and DNS spoofing. In specific countries, including China, almost all traditional DNS queries are monitored and falsified during transmission to block websites and inject advertisements.

As the image above shows, the ‘A’ record of ‘reddit.com’ is altered to a wrong IP address that belongs to Facebook's services.

To solve these problems, researchers designed the DNS-over-TLS protocol, specified in RFC 7858, which provides DNS resolution over a TLS-encrypted TCP connection. DNS-over-TLS improves privacy and security between client and server, since TLS protects against man-in-the-middle attacks and cannot be deciphered easily.


Protect User Privacy: How to Setup Cloudflare SSL

To enable SSL on my website, I’m using a free certificate provided by Cloudflare. Here’s a quick guide to setting up free Cloudflare SSL on your Apache server.

Apply for SSL Certificate

First, you need to sign up for a free account on Cloudflare. Then, follow their steps to change the DNS of your domain and link your website to Cloudflare.
