Click Here To Visit SIP Broker  

Go Back   Voxalot / SIP Broker Support Forums > ENUM.164 > Support Support Support forum for the ENUM directory

Thread Tools Display Modes
Prev Previous Post   Next Post Next
Unread 04-19-2008, 08:22 AM   #1
Senior Member
Join Date: Feb 2006
Posts: 176
Thanks: 0
Thanked 14 Times in 10 Posts
evilbunny is on a distinguished road
Default Encrypted DNS Request and Replies

Unlike most DNS services ENUM requests contain the sort of information that the NSA and telcos were caught up in the previous couple of years. Of late we have implemented our own name server software so we felt compelled to extend this to encrypt DNS requests and replies. We can only assume the only reason that the NSA is the only government spy agency that has made the news is because they were the only ones to get caught, not because they are the only ones doing it, or if others aren't doing it now they most likely will be within the next decade or so.

Besides the obvious government spy efforts, even if you have nothing to hide from any government, at least at this point in time, that doesn't mean you don't want to hide or conceal your personal information from your neighbours, employers, employees, your business competitiors or whoever the list can really go on and is unique to our own situations and what it is we're doing that we don't want others to know we're doing. No matter what you are doing there is bound to be someone you don't want sticking their nose into your business. After all, if we weren't worried about everyone knowing everything occurring in our lives we wouldn't put curtains up in our houses.

Currently there is no internet draft nor RFC covering this subject as far as I/we are aware, but that will be the next step for us from here.

The actual code doesn't decode the DNS response, I have compared the responses to a normal response and they matched but my intention wasn't to re-invent the wheel only prove that encrypted and unencrypted DNS lookups could utilise the same name servers without too much trouble.

DNS Encryption - Wiki

If you really did want to do a dig replacement using this code it wouldn't be that difficult since most of the code is written, all you have to do is parse the information returned, then again I'm pondering about finishing the code simply so it can be easily integrated into things like FreePBX.

I'll probably get yelled at by the DNS purists because I hacked it together and cheated a little in the process, but again my intent wasn't
to do anything more than a simple proof of concept to prove that it could be done.

I haven't designed the system to be ENUM specific and should be usable for any DNS although it's possibly not the best way to do things and I'd be open to further discussions on this topic.

evilbunny is offline   Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

All times are GMT. The time now is 05:37 PM.

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.