Hacker News
by enginnr 3878 days ago
DNS is often the weakest link in the chain and well worth hardening if you're doing proactive sec. Combined with DNSCrypt it can be a pretty robust setup. My only problem with DNS hardening is zero-knowledge problems. See https://en.wikipedia.org/wiki/Zero-knowledge_proof. It is possible to encrypt DNS queries, but tricky for endpoints to deny knowledge of having requested it, and so we have zero-knowledge proof issues.