DNS

unwind(8)

A privilege-separated, validating DNS recursive nameserver for every laptop
H.1309 (Van Rijn)
Florian Obser
DNS is easy. You type fosdem.org in your browser's address bar, hit enter and you will be greeted by your favorite open-source event's start page. Actually...
We will introduce unwind(8) - an always-running, validating DNS recursive nameserver, answering queries on localhost (127.0.0.1). We will explain its privilege-separated design and show that it is secure to run this daemon by default. We will then show how its novel approach of observing changes in network location and actively probing the quality of the local network improves the user experience in DNS resolution. The focus will be on laptops that move through many networks, some good, some bad, some outright hostile. We will compare unwind(8) to prior solutions and show how its design enables it to run without user intervention.

Additional information

Type devroom

More sessions

2/1/20
DNS
H.1309 (Van Rijn)
Welcome to the DNS DevRoom
2/1/20
DNS
Graham Hayes
H.1309 (Van Rijn)
All major clouds have integrated DNS management these days, and OpenStack is one of them. We will run through the OpenStack DNS (Designate) project - how it works, why we laid it out the way we did, how you can use it, and how other OpenStack components can leverage it.
2/1/20
DNS
Renzo Davoli
H.1309 (Van Rijn)
Would you like a DNS server for IPv6 where adding a new node is as simple as typing in its name? If the answer is yes, try HashDNS.
2/1/20
DNS
Erwin Hoffmann (feh)
H.1309 (Van Rijn)
The fehQlibs and djbdnscurve6 both provide a DNS library which supports IPv6 LLU addresses. The inclusion and use of IPv6 LLU addresses is discussed. While the typical Unix /etc/resolv.conf is applied system-wide and its Microsoft Windows counterpart works per interface, here application-specific DNS settings can be used.
2/1/20
DNS
Stéphane Bortzmeyer
H.1309 (Van Rijn)
Of course, encrypting DNS is necessary for privacy and security, like for every other Internet protocol. That's why DoT and DoH deployment is very important, so that users could safely go to a resolver they trust. Now, it is time to assert the technical compliance and performance of these trusted resolvers. We will talk about the things that could and should be tested against DoT and DoH servers and how to implement it. We will then discuss performance measurements, especially with the ...
2/1/20
DNS
Ondřej Surý
H.1309 (Van Rijn)
BIND 9 consists of a huge and old codebase. In this talk, I would like to show you all the available tools that we use on a regular basis to improve, refactor and make the BIND 9 code safer. I'll show examples of various Google/LLVM Sanitizers, cppcheck, LLVM scan-build and semantic patching using coccinelle.
2/1/20
DNS
Leo Vandewoestijne
H.1309 (Van Rijn)
another approach in automating maintenance