[asterisk-security] Encrypted DNS/ENUM

Duane duane at e164.org
Fri Apr 18 22:40:07 CDT 2008


With increased amounts of snooping occurring, or governments wanting it
to occur, on the internet, and with the information being sent in ENUM
request packets the same as the NSA and telcos were caught up in
previously, we felt compelled recently to start work on a method to
encrypt DNS requests and replies. We can only assume that just because
the NSA has been caught that others are also doing this, or if
they aren't, will be doing it shortly.

Even if you have nothing to hide from any government, this doesn't mean
you don't have to hide or conceal your personal information from your
neighbours, employers, employees, your competition; the list goes on. No
matter what you are doing, there is someone you don't want sticking their
nose into your business. After all, if we weren't worried about everyone
knowing everything occurring in our lives, we wouldn't put curtains up in
our houses.

Currently there is no internet draft nor RFC covering this subject as
far as I/we are aware, but that will be the next step for us from here.

The actual code doesn't decode the DNS response; my intention wasn't to
re-invent the wheel, but to prove that encrypted and unencrypted DNS
lookups could utilise the same name servers without too much trouble.

http://www.e164.org/wiki/DNS_Encryption#head-638e1d7a237b652f496dc035e54930af9b74fe2b

If you really did want to do a dig replacement using this code, it
wouldn't be that difficult since most of the code is written; all you
have to do is parse the information returned.

I'll probably get yelled at by the DNS purists because I hacked it
together and cheated a little in the process, but again my intent wasn't
to do anything more than a simple proof of concept to prove that it
could be done.

-- 

Best regards,
 Duane

http://www.freeauth.org - Enterprise Two Factor Authentication
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Global Communication for the 21st Century

"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."
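
Added example (not part of the original post, and not the e164.org proof-of-concept code): the post says a dig replacement would only need to parse the returned data, so this parses an already-decrypted DNS wire-format response and extracts the NAPTR records that ENUM lookups return. The sample message, number and SIP URI are constructed; the encryption layer is left out because the post does not describe it.

```python
import struct

def read_name(msg, off):
    # Decode a (possibly compressed) domain name; returns (name, offset after it).
    labels, end, hops = [], None, 0
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                        # compression pointer
            end = off + 2 if end is None else end   # resume after the first pointer
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:                           # hostile replies can loop pointers
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels) or ".", (off + 1 if end is None else end)

def read_str(msg, off):
    n = msg[off]                                    # DNS <character-string>: length + bytes
    return msg[off + 1:off + 1 + n].decode("ascii"), off + 1 + n

def parse_naptr_answers(msg):
    # Returns NAPTR answers as (order, pref, flags, service, regexp, replacement),
    # sorted by order then preference, which is how an ENUM client must try them.
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    if flags & 0x000F:
        raise ValueError("server returned rcode %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):                             # skip the question section
        _, off = read_name(msg, off)
        off += 4
    out = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 35:                             # NAPTR
            order, pref = struct.unpack_from("!HH", msg, off)
            fl, p = read_str(msg, off + 4)
            service, p = read_str(msg, p)
            regexp, p = read_str(msg, p)
            repl, _ = read_name(msg, p)
            out.append((order, pref, fl, service, regexp, repl))
        off += rdlen                                # trust RDLENGTH, not our own cursor
    return sorted(out)

# Constructed sample reply: one NAPTR answer for a made-up number.
cs = lambda s: bytes([len(s)]) + s
QNAME = b"".join(cs(l) for l in b"4.3.2.1.e164.arpa".split(b".")) + b"\0"
RDATA = struct.pack("!HH", 100, 10) + cs(b"u") + cs(b"E2U+sip") + cs(b"!^.*$!sip:1234@example.net!") + b"\0"
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + QNAME + struct.pack("!HH", 35, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 35, 1, 300, len(RDATA)) + RDATA)
```

Truncated or malformed input surfaces as IndexError or struct.error, which a caller should treat as a failed lookup.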


