Differences

This shows you the differences between two versions of the page.

en:howto:dns [2017/06/15 14:26]
nkoranova
en:howto:dns [2018/01/15 15:30]
nkoranova [DNS and forwarding]
Line 20: Line 20:
 The DNSSEC technology ensures that for those domains, which are signed electronically,​ it can be verified that on the way between client and server the response wasn‘t forged. This is a defense against a type of attack known as [[https://​en.wikipedia.org/​wiki/​DNS_spoofing|DNS spoofing]]. The DNSSEC technology ensures that for those domains, which are signed electronically,​ it can be verified that on the way between client and server the response wasn‘t forged. This is a defense against a type of attack known as [[https://​en.wikipedia.org/​wiki/​DNS_spoofing|DNS spoofing]].
  
-DNSSEC support is required on Turris in order for the router to function correctly. Without DNSSEC ​the communication between ​the router and the Turris switchboard wouldn'​t ​function. A common case of failures is caused by a user adjustment in the DNS software – when the dnsmasq server is elevated to the role of the main resolver. ​+DNSSEC support is required on Turris in order for the router to function correctly. Without DNSSEC the router and the Turris switchboard wouldn'​t ​communicate. A common case of failures is caused by a user adjustment in the DNS software – when the dnsmasq server is elevated to the role of the main resolver. ​
  
 ===== DNS and forwarding ===== ===== DNS and forwarding =====
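Review bot: The sentence left unchanged at the end of the revised line, "A common case of failures is caused by a user adjustment in the DNS software", still reads awkwardly and does not say how making dnsmasq the main resolver relates to the DNSSEC requirement stated just before it. Suggest "A common cause of failure is a user change to the DNS software that makes dnsmasq the main resolver", followed by a clause stating what that change does to DNSSEC validation. The context line above also writes "wasn‘t" with a low quotation mark where an apostrophe is intended.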
Line 40: Line 40:
 In both cases, this is a problem on the side of the ISP, who cannot differentiate Turris software and an attempted attack using DNS. This is why DNSSEC validation fails and the client in the network doesn‘t get an answer (in order to prevent the client getting counterfeit data). In both cases, this is a problem on the side of the ISP, who cannot differentiate Turris software and an attempted attack using DNS. This is why DNSSEC validation fails and the client in the network doesn‘t get an answer (in order to prevent the client getting counterfeit data).
  
-In the [[en:​howto:​foris|Foris]] user interface under the tab //DNS//, you will find a simple test, which checks the current DNS setting on your router. On the same page you can turn forwarding ​on on or off. +In the [[en:​howto:​foris|Foris]] user interface under the tab //DNS//, you will find a simple test, which checks the current DNS setting on your router. On the same page you can turn forwarding on or off.
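Review bot: The corrected last sentence says forwarding can be turned on or off but not which setting to try when the test on the //DNS// tab fails, although the paragraph above attributes failed DNSSEC validation to the ISP side. Suggest adding one sentence that names the setting to use in that case. In the first sentence of the revised line, "a simple test, which checks" reads better as "a simple test that checks", and the context line above writes "doesn‘t" with a low quotation mark instead of an apostrophe.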