roxhaiy.wordpress.com
从零开始配置DNSSEC+DNSCrypt 防止DNS投毒污染 | 鸣沙山侧 月牙泉畔
https://roxhaiy.wordpress.com/2014/08/15/配置dnscrypt防止dns投毒污染
Just another WordPress.com site. DNS污染 是指当你访问某些网站的时候,域名经由 DNS 服务器解析后指向了不正确的 IP 地址, 特别是在天朝,访问被墙网站极有可能获. 这种情况可能是天朝主干网上的 GFW 返回的结果, 也可能是无良的 ISP 在最后一公里做的手脚。 DNSSEC 域名系统安全扩展 Domain Name System Security Extensions 是Internet工程任务组 IETF 的对确保由域名系统 DNS 中. 为了解决这些问题,仅仅使用一个安全的 DNS 服务器 比如openDNS 是不够的,在你解析被墙的网站的域名的时候,某些机构还是能轻易的检测到。 利用DNSCrypt-proxy不但可以加密 DNS 查询请求,还可以使用tcp或udp查询,也可以使用不同于53的非标准端口,因为在某些场合isp可能会强制劫持 53 端口的dns查询。 Unbound是一款验证 validating 、递归 recursive 及缓存 caching DNS 解析器 resolver。 Yum install openssl-devel -y.
wiki.openwrt.org
DNSCrypt [OpenWrt Wiki]
http://wiki.openwrt.org/inbox/dnscrypt
Custom build for ar71xx from black-roland. How to check what features are supported by your resolver. How to check if your DNS queries are using dnscrypt. How to check if dnscrypt-proxy is set up and running. DNSCrypt offers a way to protect clients against attacks related to the modification and manipulation of. In addition, encryption of. Communication improves the client's privacy. DNSCrypt is the. Client project is maintained by Frank Denis jedisct1. DNSCrypt verifies that responses you get from a.
vs.uni-due.de
Measuring Occurrence of DNSSEC Validation
https://www.vs.uni-due.de/wander/20121014_DNSSEC_Validation
Measuring Occurrence of DNSSEC Validation. Matthäus Wander matthaeus.wander@uni-due.de. Toronto, October 14, 2012. What is the ratio of validating clients in the Web? Validating rejects invalid signatures. Two web-based resolver tests (interactive, hidden). Http:/ dnssec.vs.uni-due.de. Client-side JavaScript and images. Success: no DNSSEC validation. Success: DNSSEC validation enabled. Result is shown to the user and. POSTed to our webserver. Load transparent 1x1 pixel images from. Resource record (88 MB).
vs.uni-due.de
Measuring Occurrence of DNSSEC Validation
https://www.vs.uni-due.de/wander/20130319_DNSSEC_Validation
Measuring Occurrence of DNSSEC Validation. Torben Weis dnssec@vs.uni-due.de. Passive and Active Measurements Conference. Hong Kong, March 19, 2013. Domain Name System Security Extensions. Uses cryptography to achieve data integrity. Note: not confidentiality, not availability. Sign resource records with private key. Publish signatures as RRSIG record. Example.net. IN A 1.2.3.4 example.net. IN RRSIG A 5 3 600 20120519. m1TWzfNDMg8NpgTo4i. Publish public key as DNSKEY record. DS record for secure delegation.
roxhaiy.wordpress.com
roxhaiy | 鸣沙山侧 月牙泉畔
https://roxhaiy.wordpress.com/author/roxhaiy
Just another WordPress.com site. 进入你的网站配置文件,如/etc/nginx/conf.d/roxhaiy.conf ,加入如下语句,将其中的roxhaiy.net 换成你的网站地址. Root /home/www/roxhaiy.net;. Valid referers none blocked server names (roxhaiy.net google.); #除了本地网站和google,其他外链一律屏蔽. If ($invalid referer) {. Rewrite / http:/ uiej.com/404.jpg. WordPress Omega 主题 修改页脚的版权声明. 进入 网站主目录下,打开 wp-content/themes/omega/lib/functions/hook.php ,找到以下语句. Function omega default footer insert( $settings ) {. Is child theme() ) {. 其中 roxhaiy.net 改为你的网站名。 Set objFso = Nothing.
users.isc.org
BIND DNSSEC Guide
http://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html
This is version 1.1 of the DNSSEC deployment guide for BIND. BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. It is a reference implementation of those protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications. ISC BIND supports the full DNSSEC standard. 11 Who Should Read this Guide? 12 Who May Not Want to Read this Guide? 13 What is DNSSEC? 14 What does DNSSEC Add to DNS? 151 Chain of Trust.