Using the external DNS resolver option RESOLVER_ADDRESS combined with PUBLICIP_FETCHERS=dns could result in a possible security issue where a targeted attack can be performed, given the fact that DNS queries are not encrypted.
MITM and similar attacks can be performed in order to alter DNS queries and inject custom IP addresses to be updated for a specific domain.
However, just out of curiosity, wouldn't this be a security issue if used together with PUBLICIP_FETCHERS=dns? An attacker could change the answer for both public IP and DNS answer in a very specific and targeted attack in order to change the IP of my domain?
Now both Cloudflare and OpenDNS use DNS over TLS to communicate and echo the public IP address.
However, Google was removed since its public IP echo nameserver does not support DNS over TLS (wtf right?).
This is a bit of a breaking change, but it should be mitigated by:
the announcement at the top of your logs mentioning it is now removed
the warning logged if someone specifies google
google gets auto-magically removed from the list of dns providers if found, so the program should not error and crash.
Ref: #389 (comment)