User Tools

Site Tools


Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
en:howto:dns [2017/06/15 14:49]
nkoranova [DNSSEC on Turris]
en:howto:dns [2019/03/23 22:10]
jschlehofer
Line 7: Line 7:
  
 The operating system [[https://​openwrt.org/​|OpenWRT]],​ which Turris OS is based on, has in it‘s default configuration dnsmasq in the role of DNS and DHCP server. Dnsmasq stays on Turris, but only in the role of the DHCP server. Turris and Omnia substitute the DNS resolver with a different implementation:​ The operating system [[https://​openwrt.org/​|OpenWRT]],​ which Turris OS is based on, has in it‘s default configuration dnsmasq in the role of DNS and DHCP server. Dnsmasq stays on Turris, but only in the role of the DHCP server. Turris and Omnia substitute the DNS resolver with a different implementation:​
-  - Turris uses the DNS resolver [[https://​unbound.nlnetlabs.nl/​|Unbound]] +  - Turris ​1.0, 1.1 uses the DNS resolver [[https://​unbound.nlnetlabs.nl/​|Unbound]] 
-  - Omnia uses the DNS resolver [[https://​www.knot-resolver.cz/​|Knot ​resolver]] (also known under the abbreviation ''​kresd''​).+  - Turris ​Omnia, Turris MOX uses the DNS resolver [[https://​www.knot-resolver.cz/​|Knot ​Resolver]] (also known under the abbreviation ''​kresd''​).
 That is the reason why changes made in the DNS settings in [[en:​howto:​ssh#​pristup_k_rozhrani_luci|LuCI]] ​ won‘t manifest. ​ That is the reason why changes made in the DNS settings in [[en:​howto:​ssh#​pristup_k_rozhrani_luci|LuCI]] ​ won‘t manifest. ​
  
Line 40: Line 40:
 In both cases, this is a problem on the side of the ISP, who cannot differentiate Turris software and an attempted attack using DNS. This is why DNSSEC validation fails and the client in the network doesn‘t get an answer (in order to prevent the client getting counterfeit data). In both cases, this is a problem on the side of the ISP, who cannot differentiate Turris software and an attempted attack using DNS. This is why DNSSEC validation fails and the client in the network doesn‘t get an answer (in order to prevent the client getting counterfeit data).
  
-In the [[en:​howto:​foris|Foris]] user interface under the tab //DNS//, you will find a simple test, which checks the current DNS setting on your router. On the same page you can turn forwarding ​on on or off. +In the [[en:​howto:​foris|Foris]] user interface under the tab //DNS//, you will find a simple test, which checks the current DNS setting on your router. On the same page you can turn forwarding on or off.