Browser Security

Firefox DNSSEC feature (DNS over HTTPS)

Firefox now seems to be working together with Cloudflare in order to get your data. What Mozilla calls ‘DNS over HTTPS’ is simply another term for DNSSEC, which signs the queries so that an attacker can’t see which domain you’re visiting. On paper this sounds good.



Cloudflare starts its own DNS

Cloudflare is well known, and they have started their own DNS resolver, which is available under to compete against Google or QuadDNS (and no, it’s not an April Fools’ joke).

The speed depends on the server's location relative to yours, among some other factors. Picture source: Cloudflare
Android Review Software

personalDNSfilter is a DNS filter proxy for Android to block advertisements

t-ryder posted his newly created DNS filter application on XDA. It is written in Java, so theoretically it can work on other operating systems, but the main target seems to be Android. It was originally written by Zenz Solution. The DNS filter proxy allows you to block advertisements quickly and easily. You can help this project if you like, so go ahead and translate it.



DNS Stubby in its current state

Stubby is yet another young project that wants to compete against the well-known ones, e.g. Unbound.

Picture: IETF

Which DNS Provider blocks the most?

A lot of people choose a DNS provider to block malware or to bypass ISP DNS server-side restrictions, but when it comes to blocking there is almost no documentation of what exactly is blocked. To answer this simple question, CryptoAUSTRALIA has now compared the threat-blocking performance of ten popular DNS providers. Surprisingly, Norton ConnectSafe, SafeDNS and Strongarm managed to block the largest number of harmful websites.

Which Provider blocks the most? Picture:

DNSCrypt explained – it won’t replace a VPN!

DNSCrypt is a protocol for securing a single hop during a DNS lookup. It allows you to authenticate that the packet you received from the DNS server you connected to is the one that it sent, and also encrypts it over that single hop. Sadly, there are several people spreading false facts about DNSCrypt.

Some router firmware even supports DNSCrypt directly

Please note that DNSCrypt is not a replacement for a VPN, as it only authenticates DNS traffic, and doesn’t prevent “DNS leaks”, or third-party DNS resolvers from logging your activity. The TLS protocol, as used in HTTPS and HTTP2, also leaks websites host.

– DNSCrypt page

For all the attention that HTTPS gets, I’m amazed how little (relatively speaking) attention plaintext DNS gets. Let’s check it!


DNS over TLS – All the things you need to know

DNS over TLS is a protocol where DNS queries are encrypted to the same level as HTTPS. This means the provider can’t actually log or see the websites you visit. Is it really better? We will find out – hang on!

How to send DNS over anything encrypted – Picture Source: Men and Mice

IBM’s Quad9 – A closer look

DNS, together with FTP and some other protocols, is among the ones I consider dangerous, because they were never designed to secure anything, especially not against MITM attacks or spoofing in general. With its new service and over 200 servers around the world, IBM promises to protect us against security threats – let’s take a closer look at it.

Quad9 Server Matrix – Picture Source: