GrapheneOS [Unofficial]

1696 readers

2 users here now

Welcome to the GrapheneOS (Unofficial) community

This feed is currently only used for announcements and news.

Official support available on our forum and matrix chat rooms

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

Links

More Site links

Social Media

This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

founded 4 years ago

MODERATORS

KindnessInfinity@lemmy.ml

maade@lemmy.ml

akc3n@lemmy.ml

treequell@lemmy.world

GrapheneOS Web Servers Using DNS-Over-TLS (grapheneos.social)

submitted 2 years ago by KindnessInfinity@lemmy.ml to c/grapheneos@lemmy.ml

0 comments fedilink hide all child comments

Our authoritative DNS nameservers now support DNS-over-TLS (DoT) with authentication via DANE TLSA and/or WebPKI. This allows DNS resolvers to make queries via securely encrypted connections. We're already seeing lots of DoT encrypted connections from multiple DNS providers.

Using DNS-over-TLS for authoritative DNS is bleeding edge and not widely supported yet. Cloudflare and most ISPs don't support this yet. Vast majority of the DNS-over-TLS connections are coming from Google Public DNS. There are only a small number of connections from elsewhere.

We're currently implementing this with an nginx TLS to TCP reverse proxy in front of PowerDNS.

https://github.com/GrapheneOS/infrastructure/commit/38bb002a019a0947c1b2c1bd0e7f5b602ae85f5c https://github.com/GrapheneOS/ns1.grapheneos.org/commit/387f1027f8904fc148217a697fdad66d089c6cfc

This is a very forward-looking improvement. Google is the only major provider using it and only for opportunistic encryption right now.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here