Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hackathon AIS’19 Measurement group DNS over HTTPS/TLS team

Published byAhti Majanlahti Modified over 4 years ago

Similar presentations

Presentation on theme: "Hackathon AIS’19 Measurement group DNS over HTTPS/TLS team"— Presentation transcript:

1 Hackathon AIS’19 Measurement group DNS over HTTPS/TLS team
Team name: Just DoH it! Kampala, June 2019

2

3 Problem statement Traditional DNS queries and responses are sent over UDP or TCP without encryption. Vulnerable to eavesdropping and spoofing. Responses from recursive resolvers to clients are the most vulnerable to undesired/malicious changes, while communications between recursive resolvers and authoritative NS often incorporate additional protection such as DNSSEC. How to protect/secure clients to resolvers communication???

4 Motivation Run your own DoH and/or DoT server
Increase user privacy and security by preventing eavesdropping and manipulation of DNS data.

5 REQUIREMENTS HTTP Server: Nginx for example
Certbot/Let’s Encrypt to generate SSL certificates and integrate to the HTTP server. A resolver: Unbound is simple and perfect! Firewall rules for security: iptables/firewalld a browser: Firefox is fine! Wireshark or tcpdump to analyse the traffic Be patient and open your eyes!

6 Test your DoH server locally

7 Tcpdump on SSL port

8 Use your DoH using your client browser

9 Test your DoT server using getdnsapi Answer should be "status": GETDNS_RESPSTATUS_GOOD

10 Future improvements Implement a Windows client like Stubby so that the entire client OS DNS requests will be secured, not only the browser requests. Test on Android clients.

11 Documentation Tutorial 1 to setup DoH: -building-and-running-your-own-dns-over-https-server Tutorial 2 to setup DoH: over-https-server/ Tutorial to setup DoT: Test DNS over TLS:

12 Typos in documentation
In Tutorial 1 to setup DoH, installing Nginx, /etc/nginx/conf.d/doh.conf: “listen 80;” instead of “listen 80” In DoT configuration, /etc/nginx/nginx.conf : Append “include /etc/nginx/streams/*;” instead of stream { include /etc/nginx/streams/*; }

13

Download ppt "Hackathon AIS’19 Measurement group DNS over HTTPS/TLS team"

Similar presentations

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Local Wireless Network - An wireless Access Point (AP) which is the bridge the ethernet network and the wireless network -The AP protect its wireless network.

Local Wireless Network - An wireless Access Point (AP) which is the bridge the ethernet network and the wireless network -The AP protect its wireless network.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer.

SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer.
Negotiating Unsolicited Connections to a Service Listening Behind a Firewall Ben Stroud CS525 Spring 10.

Negotiating Unsolicited Connections to a Service Listening Behind a Firewall Ben Stroud CS525 Spring 10.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.
Internet-Based Client Access

Internet-Based Client Access
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
DNS Security Pacific IT Pros Nov. 5, 2013. Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.

DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.

Module 6: Integrating ISA Server 2004 and Microsoft Exchange Server.
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.
Practice 4 – traffic filtering, traffic analysis

Practice 4 – traffic filtering, traffic analysis
Purpose Present Drivers and Context for Firewalls Define Firewall Technology Present examples of Firewall Technology Discuss Design Issues Discuss Service.

Purpose Present Drivers and Context for Firewalls Define Firewall Technology Present examples of Firewall Technology Discuss Design Issues Discuss Service.
Web Server Apache 2.0.52 PHP 4.3.9. HTTP Request User types URL into browser Address resolved if nec. We use 134.198.161.101 directly Most browsers request.

Web Server Apache PHP HTTP Request User types URL into browser Address resolved if nec. We use directly Most browsers request.
SharkFest ‘16 Computer History Museum June 13-16, 2016 SharkFest ‘16 Markers – Beacons in an Ocean of Packets Matthew York 15th June 2016 Performance &

SharkFest ‘16 Computer History Museum June 13-16, 2016 SharkFest ‘16 Markers – Beacons in an Ocean of Packets Matthew York 15th June 2016 Performance &
Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos 110512.

Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos

Similar presentations

Ads by Google