DNS is an essential part of the Internet, but as it usually is with the ancient protocols, there is no built-in security or privacy. A few years ago, there was a plan to support DNSSEC validation by default, but it didn't work out. This talk is about discussing the problem with automatic validation, privacy in DNS, new technologies like DNS-over-TLS or DNS-over-HTTP.
This talk should be interesting to anyone with a basic understanding of DNS and Linux internals, but it will contain some code examples.
Some technologies, that would be discussed: [1] https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver [2] https://en.wikipedia.org/wiki/DNS_over_TLS [3] https://developers.google.com/speed/public-dns/docs/dns-over-https [4] https://dnsprivacy.org/wiki/
A few years ago, there was a plan to support DNSSEC validation by default, but it didn't work out.
Is there a plan to try it again? Rather than just a tech talk, I'd like to hear more about plans for improving Fedora going forward.
Yes, we would like to try it again, but the problem is not trivial. I would like to spread the word and possibly attract some developers. There is a lot of upstream projects right now, some of them are active, some of them are more-less dead. I can certainly propose my own opinion on how Fedora should progress in the future.
@msehnout The CfP Committee would like to see this extended with some direct plans or implications for Fedora
Metadata Update from @bex: - Issue tagged with: Talk In Consideration
I don't have any direct plan like "in fedora 31 we will use DNS over TLS only". I'd like to sum up some options we have: running unbound locally, use getdns API in end applications, DNS over HTTP in Firefox etc. Basically all applications that connect to the Internet would be affected, therefore it is complicated to "propose" some direct plans.
I regret that we are unable to accept this talk this year. There will be lightning talk sessions and I encourage you to consider this option.
Metadata Update from @bex: - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.