Community discussions

 
upower3
Member
Member
Topic Author
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Secure my DNS requests

Mon Apr 02, 2018 11:39 pm

There are number of DNS technics that can hime my queries from ISP along the path: DNS Crypt, DNS over HTTPs, DNS over TLS etc. Please add support for any (or some) or these to ROS, due to fact this is more and more popular demand nowdays in too many countries.

You can definitely recall Russia and China government state-scale sites blacklist which push ISP to return fake reply for sites that are backlisted for political reasons.
 
User avatar
Kamaz
newbie
Posts: 28
Joined: Sun Apr 30, 2017 9:35 am

Re: Secure my DNS requests

Tue Apr 03, 2018 11:10 am

I want to hide my activity to, so it would be great to make such functionality like DNS over HTTPs, DNS over TLS.
 
andrewvs
just joined
Posts: 1
Joined: Mon May 27, 2013 2:56 pm

Re: Secure my DNS requests

Tue Apr 03, 2018 3:30 pm

Another +1 for some form of encrypted DNS support out of the box.

This is quite topical with the recently announced DNS resolver partnership between Cloudflare and APNIC promoting its use: https://1.1.1.1/
 
Sob
Forum Guru
Forum Guru
Posts: 4806
Joined: Mon Apr 20, 2009 9:11 pm

Re: Secure my DNS requests

Tue Apr 03, 2018 4:34 pm

I want to hide my activity to, ...
Then hopefully your activity doesn't include anything with http. Plain old http is fully readable, and https does protect content, but still leaks target hostname because of SNI.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
bewza
just joined
Posts: 1
Joined: Thu Feb 28, 2013 12:46 am

Re: Secure my DNS requests

Thu Apr 05, 2018 1:21 am

One more request related to this one viewtopic.php?f=1&start=50&t=58866&sid= ... 63c2db6934
Hope we will get answer from dev or support team.
 
User avatar
Kamaz
newbie
Posts: 28
Joined: Sun Apr 30, 2017 9:35 am

Re: Secure my DNS requests

Sat Apr 07, 2018 8:24 am

Any updates?
 
msatter
Forum Guru
Forum Guru
Posts: 1291
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Secure my DNS requests

Sat Apr 07, 2018 1:05 pm

It may be in RouterOS 7 or not.

Because government's are getting more and more curious, in what civilians are interested in on the Internet it is better to put also the DNS request into a Private Network together with the rest of your internet traffic.

Let's hope that Mikrotik is going to develop better support in router, for OpenVPN and IKE2 as client.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta59 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
squeeze
Member Candidate
Member Candidate
Posts: 146
Joined: Thu Mar 22, 2018 7:53 pm

Re: Secure my DNS requests

Mon Apr 09, 2018 3:18 pm

Let's hope that Mikrotik is going to develop better support in router, for OpenVPN and IKE2 as client.
And Wireguard which trounces both of them for security, throughput, and latency.
 
msatter
Forum Guru
Forum Guru
Posts: 1291
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Secure my DNS requests

Tue Apr 10, 2018 2:00 pm

Let's hope that Mikrotik is going to develop better support in router, for OpenVPN and IKE2 as client.
And Wireguard which trounces both of them for security, throughput, and latency.
Looks very impressive and lets hope it will be adapted widely soon.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta59 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
upower3
Member
Member
Topic Author
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Re: Secure my DNS requests

Tue Apr 10, 2018 2:11 pm

And Wireguard which trounces both of them for security, throughput, and latency.
Yet this "impressive" VPN can not be used on Windows, so seems to be no use out there in the wild. So far Windows PCs are a huge part of user base, so not to support them is something risky.

There are some VPN technologies like Wireguard, tinc, some others, all are (seems to be) good, but no router should support all of them. Even SSTP looks an overkill. Let's do few protocols but do them very good (not like semi-done ovpn now).
 
Sob
Forum Guru
Forum Guru
Posts: 4806
Joined: Mon Apr 20, 2009 9:11 pm

Re: Secure my DNS requests

Tue Apr 10, 2018 6:26 pm

From their homepage:
WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come.
So one day it may become great and if it does, I hope to see it in RouterOS too. But until then, improvements for good old OpenVPN would be enough to make many people happy.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
phin
just joined
Posts: 15
Joined: Mon Dec 04, 2017 11:25 pm

Re: Secure my DNS requests

Tue Apr 10, 2018 10:57 pm

I just setup pi-hole in a vm.

Pi-hole connects to DNS via TLS.

DHCP hands out PiHole as dns server
DHCP hands out router as secondary dns server to handle local dns request based on static entries applied via dhcp handouts.
 
squeeze
Member Candidate
Member Candidate
Posts: 146
Joined: Thu Mar 22, 2018 7:53 pm

Re: Secure my DNS requests

Thu Apr 12, 2018 11:44 am

From their homepage:
WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come.
So one day it may become great and if it does, I hope to see it in RouterOS too. But until then, improvements for good old OpenVPN would be enough to make many people happy.
Agreed. Just something to be aware of, because by the time they get around to OpenVPN improvements, Wireguard may be mainstream ... :)
 
BioDranik
just joined
Posts: 3
Joined: Sat Apr 21, 2018 7:30 pm

Re: Secure my DNS requests

Mon Nov 05, 2018 9:11 am

+1 for secure DNS feature.
 
BostjanC
just joined
Posts: 16
Joined: Tue Nov 13, 2018 9:28 pm

Re: Secure my DNS requests

Mon Nov 19, 2018 11:46 am

+1 for secure DNS feature.

Support for
DNS over HTTPS, DNS over TLS

Who is online

Users browsing this forum: No registered users and 105 guests