Slashdot Mirror

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

# In this post:
#
# 1. Tor Discussion Forums (two hidden services)
# 2. DNSCrypt - for Linux, Mac, and Windows (from opendns)

# 1. Tor Discussion Forums (two hidden services)

We need an official Tor discussion forum.

I did not see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurls will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 does not appear to be heavily moderated so be aware and take precautions.

###

# 2. DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It does not require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone do not work in the security world, however, so we have opened up the source to our DNSCrypt code base and it is available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

###

eof

We need an official Tor discussion forum.

I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

----------
DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

We need an official Tor discussion forum.

I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

----------
DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

We need an official Tor discussion forum.

I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

----------
DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

We need an official Tor discussion forum.

I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

----------
DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."

Tor, or:

DNSCrypt

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."

Tor, or:

DNSCrypt

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."

Tor, or:

DNSCrypt

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."

Tor, or:

DNSCrypt

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

i do need a way to manage what he is seeing.

And there are a myriad of ways to do that. If you have one computer, there are tons of software options available. If you want to provide coverage for all devices on your network, you can set up OpenDNS on your router.

I'm sympathetic to the needs of parents to protect their children from unwanted online content, but a legislative solution is absolutely the wrong way to go about it.

Don't know why it hasn't been mentioned in all of the comments so far, but Open DNS http://www.opendns.com/home-solutions/parental-controls/ will handle exactly what you need, and its harder to bypass than some other software out there.

The issue with this is that it is that it filters the whole house and would interfere with his access to internet pr0n.

Don't know why it hasn't been mentioned in all of the comments so far, but Open DNS http://www.opendns.com/home-solutions/parental-controls/ will handle exactly what you need, and its harder to bypass than some other software out there.

Over at open dns you can setup the family filter. http://www.opendns.com/home-solutions/parental-controls/

You can use OpenDNS "Family Shield" for free: http://blog.opendns.com/2010/06/23/introducing-familyshield-parental-controls/

All you need is to change your DNS settings.

1st - Better FILTERING DNS servers & 2nd - A program that creates a custom HOSTS file (I wrote it) that's both 32-bit &/or 64-bit for Windows:

---

Options for "DNSBL filtered 'secured'" DNS servers:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free

---

D.) Plus:

Comodo Secure DNS:

http://www.comodo.com/secure-dns/switch/windows_vista.html

8.26.56.26
8.20.247.2

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> Then there is also this program I wrote that 2 makers of custom hosts file data are hosting for me (hpHosts/malwarebytes + hostsfile.org/securemecca.com):

http://securemecca.com/public/APKHostsFileInstaller/2012_06_01/APKHostsFileEngineInstaller32_64bit.exe.zip

You simply extract its files to ANY folder you like (usually one you create for it, doesn't matter where, but you MUST run it as administrator (simple & the "read me" tab shows how easy THAT is to do):

What's it do for you?

It's a custom hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++")

---

1.) Offers massively noticeable increased speed for websurfing via blocking adbanners

2.) Offers increased speed for users fav. sites by hardcoding them into the hosts file for faster IP address-to-host/domain name resolutions (which sites RARELY change their hosting providers, e.g.-> of 250 I do, only 6 have changed since 2006 - & when sites do because they found a less costly hosting provider? Then, they either email notify members, put up warnings on their pages, & do IP warnings & redirectors onto the former IP address range to protect vs. the unscrupulous criminal bidding on that range to buy it to steal from users of say, online banking or shopping sites).

3.) Better "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so (which IS, by far, the majority of what's used by both users (hence the existence of the faulty but for most part working DNS system), AND even by malwa

Or you can use Comodo DNS which is good about blocking malware infested sites, or Open DNS or one of the dozen or more free DNS servers out there.

If someone wants to use Google for DNS I hear that its a good service but it isn't like we don't have a wealth of choices out there. No need to go through the hassle of running your own resolver unless you just want to.

opendns is doing that but I think it's limited to websites hosted on cloudflare that enabled this warning so probably not many

1.) DNS has issues, for starters: Would you like a list of problems it's seen over time? Just ask. See below also...

---

2.) You're also adding on "weight" of extra programs that the hosts file can do the SAME JOB FOR, for less!

Especially for a home setup using a single system only.

Since hosts files are simply a filter for the ring 0/rpl 0/kernelmode Pnp designed (Windows &/or MacOS X) IP stack based on the best there is in BSD ones (most all OS are here)? They are less layered on b.s. & thus, are more efficient.

I.E.-> The IP stack, as well as the ring of privelege/CPU opertions it runs from? It is as fast & efficient as it gets, vs.:

A.) Loading on more programs like a local DNS server, especially in recursive mode!

(Potential DNS poisoning/redirect problems & can be done in SECONDS over the 51/53 port series iirc)

B.) Doing so results in eating up more CPU cycles, RAM, & other forms of I/O needlessly & illogically... as well as electric power too.

---

HOWEVER:

I can see using a DNS server, IF you have an Active Directory OR have to manage 100's to 1,000's of servers, but not for a single PC @ home!

(Mainly due to what I wrote above regarding electrical power usage, since programs do NOT "run for free", as well as CPU, RAM, & other forms of I/O)...

Still - To each his own on that account... there's logical ways of doing things, & illogical wasteful ways too.

---

DNS issues? It's even being noted in security forums today @ SOPHOS, here:

http://nakedsecurity.sophos.com/2012/04/02/dns-attack-internet/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=b82ef0b1e8-naked%252Bsecurity

Regarding Anonymous making threats to "take down" the root 13 DNS servers!

Yes - it is a possible, but unlikely, possibility of happening!

However, DNS poisoning & redirects, especially to recursive setups of DNS, and odds are you HAD to do that on yours most likely too?
No mere possibility of problems...

(Again - want evidences of that? Ask!)

APK

P.S.=> Of course, IF you need DNS services (and we all do, even hosts file users) and you are a single system user especially?

These are excellent options:

Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/
ScrubIT DNS -> http://www.scrubit.com/
OpenDNS -> http://www.opendns.com/

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT

I already had it blocked out in my custom HOSTS file (along with 1,656,592++ other KNOWN bad sites/servers/hosts-domains that serve up malicious scripts &/or malware etc.- et al).

That's the security-side of it... the other side's FASTER online websurfing (blocking adbanners & resolving hosts-domains to IP addresses of 250 of my fav. sites in it as well, which results in FAR faster resolves than calling out to a remote DNS server (which may even be compromised via redirect DNS poisoning that's been going on the past few years now)).

Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)? I am safer, by far, than most folks are online, & FASTER too!

---

Options for "DNSBL filtered 'secured'" DNS servers:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ [nortondns.com] & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz [norton.com] as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do [norton.com]

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ [scrubit.com] & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq [scrubit.com]

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free [opendns.com]

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> Simplest principle there is, of "I can't get burned when I can't go into the malware fire", so-to-speak (and IF I were to somehow be infected? The custom HOSTS file acts as a "1 way valve" in yet ANOTHER way - the malware/exploit cannot "talk back to mama" (it's C&C server if any) either - BONUS!)...

LASTLY, & to "security-harden" my system even further, I do what's noted in these links (utilizing the principles of "layered-security"/"defense-in-depth"):

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH [bing.com] ... apk

That actually use "DNSBL filtered 'secured'" DNS servers for the purposes of security online:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> DNS has issues though, period - it needs SOMEKIND of "Revision" for IPv4 @ least: Especially if DNS servers are set into "recursive mode", as I am SURE YOU OF ALL PEOPLE REALIZE! DNS's VERY susceptible to DNS redirection poisoning (over port 53 via UDP/TCP, iirc)...

HOWEVER?

DNS' better than trying to say, lol, hardcode in EVERY hosts-domain to IP address possible in a custom HOSTS file for example (keeping up with the changes would be the problem as far as "hardcoding in" the equation records). HOSTS are better used for doing a small group of "favorites" (sort of a 'little black book' of girls' phone #'s basically instead of looking through the ENTIRE phonebook each time etc.) &/or BLOCKING OUT known malicious sites/servers/hosts-domains + adbanners (for speed & yes, even security, because banner ads have had their share of malicious script code in them also over time as well).

The way that I use them in layered/phalanx style defensive formation noted above helps for security, bigtime & especially by using ALL of them in "layered-security"/"defense-in-depth" style I noted above in BOTH hardware &/or software setups of the IP stack + router level security... in combination simultaneously, along with other means (like I use in a custom HOSTS file, + AdBlock/NoScript/IE9 TPL's, Opera urlfilter.ini, IE restricted zones, etc., vs. online threats mostly))

... apk

I already had it blocked out in my custom HOSTS file (along with 1,656,592++ other KNOWN bad sites/servers/hosts-domains that serve up malicious scripts &/or malware etc.- et al).

That's the security-side of it... the other side's FASTER online websurfing (blocking adbanners & resolving hosts-domains to IP addresses of 250 of my fav. sites in it as well, which results in FAR faster resolves than calling out to a remote DNS server (which may even be compromised via redirect DNS poisoning that's been going on the past few years now)).

Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)? I am safer, by far, than most folks are online, & FASTER too!

---

Options for "DNSBL filtered 'secured'" DNS servers:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> Simplest principle there is, of "I can't get burned when I can't go into the malware fire", so-to-speak (and IF I were to somehow be infected? The custom HOSTS file acts as a "1 way valve" in yet ANOTHER way - the malware/exploit cannot "talk back to mama" (it's C&C server if any) either - BONUS!)...

LASTLY, & to "security-harden" my system even further, I do what's noted in these links (utilizing the principles of "layered-security"/"defense-in-depth"):

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH

... apk

Explain how DNSBL adversely affects SECURITY specifically someone, please (per this quote from the article here today):

"the method of DNS filtering proposed to block supposed infringing sites opens up enormous security holes that threaten the stability of the internet itself"

Because I have seen DNSBL's be used to AID SECURITY, ala:

---

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

I.E./E.G.-> I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary) - I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side)...

* Which are ALL/EACH examples of "filtering" DNS that use DNSBL's FOR THE GOOD of others online (to block out KNOWN BAD SITES/SERVERS ONLINE!).

APK

P.S.=> Now, some b.s. artist MAY mean that DNSBL's (DNS Block Lists) "harm":

1.) Illegal file sharers' "freedoms" (freedoms to STEAL is about it), but that's NOT about security being harmed @ all, whatsoever...

2.) Nor is it harming "freedom of speech" if DNSBL's are kept strictly to blocking out known bad sites/servers that serve up malicious scripted exploits, malwares, & the like (and YES, illegally shared files along with child pornography & the like etc./et al)...

... apk/b

Options for "DNSBL filtered 'secured'" DNS servers:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imaging (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq

---

& of course

C.) Open DNS (208.67.222.222 or 67.138.54.100) -> https://store.opendns.com/get/home-free

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* Personally speaking - I use ALL 3 of them, "in combination". Yes, I am using that latter term loosely is why I quoted it!

(Mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary, I can "fall back on" the others listed above...)

I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (OS/software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> DNS has issues though, period - it needs SOMEKIND of "Revision" for IPv4 @ least...

See - I don't know if Moxie Marlinspike's DNS solution for SSL protection via a browser addon's the answer either, ala http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=%22DNS%22+and+%22Moxie+Marlinspike%22&btnG=Search&gbv=1&sei=zwPhTs2wOMrL0QGTs-StBw

OR

If OpenDNS' tool here is either!

However: They're better than nothing!

(It's that, or use the "secured DNS" (filtered rather via DNSBL) that I use, & the way that I use them in layered/phalanx style defensive formation noted above, if not ALL of them in "layered-security"/"defense-in-depth" style... in combination simultaneously, along with other means (like I use in a custom HOSTS file vs. online threats mostly))!

(Especially if DNS servers are set into "recursive mode", as I am SURE YOU OF ALL PEOPLE REALIZE, that DNS's VERY susceptible to DNS redirection poisoning (over port 53 via UDP/TCP, iirc)...

So - lastly:

Yes, I also know who you are Mr. Nagle, especially via your RFC I complimented you on this past week here no less on -> http://tech.slashdot.org/comments.pl?sid=2556266&cid=38265686 )!

Yes - I respect that in fact.

I.E.-> Not everyone, especially on /. here, does something to "help the human condition" via good works as you have.

... apk

This is a bad idea, and it's being deceptively promoted. The OpenDNS site says "DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security." This is willfully misleading.

This isn't a way to make the existing distributed DNS infrastructure more secure. It just establishes an encrypted connection between your machine and one central DNS server farm belonging to OpenDNS. One that makes its money by redirecting nonexistent domains to ad sites.

There have been slimy DNS providers before. Comcast is notorious for this. The Wikipedia article on OpenDNS summarizes the privacy issues, conflicts, and problems with OpenDNS. At one point, OpenDNS tried redirecting address bar searches to their own search page., which is apparently permitted by their terms of service.

OpenDNS isn't that bad. They're only a little evil. But they're also unnecessary.

I don't *think* you guys understand HOW I utilizing a HOSTS file, because of what you said about it being "monolithic" - I don't use it as a "DNS substitute" for all addresses possible online (because I would even find THAT HILARIOUS to try to do from a HOSTS file)!

FOR SECURITY:

I just do NOT setup local ones @ home (no point to burn the extra CPU cycles, & thus, electric power, or RAM + other forms of I/O used in them).

I do so for security, and just because of things like:

1.) This issue (it has a patch by the way) & vs. this, & the other numerous troubles in BIND over time, which are numerous (another 'case-in-point'/e.g. is "the Kaminsky Flaw" & other redirect/dns-poisoning attacks that have happened over time the past few yrs. now).

2.) I currently BLOCK OUT 1,624,230++ KNOWN BAD SITES/SERVERS/HOSTS-DOMAINS in it that are KNOWN to serve up malicious exploits of various types in it, mostly... this is for security purposes, & specifically what's called "Layered-Security"/"Defense-in-Depth" security.

FOR EXTRA SPEED:

A.) I "hardcode in" about 250 of my FAVORITE sites into it (where I spend 99% of my time online), but, I don't attempt to "resolve the entire internet" via HOSTS either (which is what it sounds like you're thinking)... Doing this results in FASTER ONLINE WEBSURFING PERFORMANCE & is faster resolutions of hosts-domain names to IP Addresses, by far, than calling out to a remote DNS server, by orders of magnitude, & runs LESS RISK of being infested via redirected/DNS-poisoned ones too as noted above.

B.) For blocking out adbanners, which have housed malicious script code in them MANY times in the recent past & before that even (last 8 yrs. or so I have records of this in multiple occurences for example), & for the fact that adbanners take away bandwidth & speed YOU THE USER PAY FOR OUT OF POCKET!

In fact, for websurfing? By feel alone, I can basically get as fast as any FIOS connection because of this, & getting ALL of the possible bandwidth I paid for...

By the by: I do utilize DNS servers (albeit, 'external' ones/non-local to my computer here):

Norton DNS:

https://dns.norton.com/dnsweb/homePage.do

Open DNS:

https://store.opendns.com/get/basic

ScrubIT DNS:

http://www.scrubit.com/

In a "truimvirate formation" (w/ in my Windows IP DNS settings + Hardware Router firewall)

Why?

Simply because they FILTER OUT known malicious sites threats too (phishing, spamming, & other malicious things like scripts for attack or that serve malware etc.).

* Anyhow/anyways: HOSTS work, & for extra speed & security online!

(It just works... especially mine since it's been built since 1997 for the above, & gets stronger every 15 minutes - plus it uses 0.0.0.0 for faster parsing, & I cut the local DNS cache in Windows (slows down on larger HOSTS files) & cache it like any file is cached, via the local kernelmode diskcache subsystem for reads/subsequent re-reads...!)

APK

P.S.=> I have it FULLY automated too, every 15 minutes it's being fed with data to block out adbanners + known malicious servers noted above from a pristine TEMP/SCRATCH copy from 17++ reputable & reliable sources for that in fact!

I don't lift a finger to do it - pure "automagic" operations & has been since oh, roughly/approximately 2002 or thereabouts!

(E.G./I.E.-> From 1997-2002 I built it using MS-Access for removal of duplicates, then Delphi app 2002-2010 which was FINE for the smaller lists of that data the way I built it's deduplication/normalization algorithms).

Now, it's built in a system that my nephew & I co-wrote in Python (I stuck by it because it's set deduplication/normal

http://opendns.com/

Mainly these 3 (which integrate into your IP stacks' settings & hardware router/firewalls too) - Each has a writeup on how/why/when/where they work too:

---

Norton DNS:

https://dns.norton.com/dnsweb/faq.do

OpenDNS:

https://store.opendns.com/get/basic

ScrubIT DNS:

http://www.scrubit.com/index.cfm?page=faq

---

* EACH does a heck of a job supplementing online security (in addition to my custom HOSTS file + Firewall rules tables I noted in my prior post I am replying to now)...

APK

P.S.=> It's ALL about "layered-security/defense-in-depth" first of all, but the nicest part? Well... THAT, is the added SPEED this layered security setup of mine yields (in addition to hardening the TCP/IP stack vs. attack, mostly via this -> http://msdn.microsoft.com/en-us/library/ff648853.aspx )...

... apk

Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/
ScrubIT DNS -> http://www.scrubit.com/
OpenDNS -> http://www.opendns.com/

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

STILL, DNS HAS PROBLEMS... MANY PROBLEMS OVER TIME & EVEN RECENTLY BEYOND THAT OF THIS ARTICLES' POINTS:

---

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

(Yes, even "security pros" are helpless vs. DNS problems in code bugs OR redirect DNS poisoning issues, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles (DNS redirect/DNS poisoning) being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

(So until DNSSEC takes "widespread adoption"? HOSTS are your answer vs. such types of attack

2. It is a little weird that way, and as asdf7890 noted, they even do NXDOMAIN redirects. But I think their benefits (here) have to be weighed against that. Being up-front about their business model can't be ignored, either.

What's a little weird is that someone who wants parental controls and anti-phishing features really believes that DNS is the very best way to accomplish that. Those sound like features you'd roll out on your household/instutional LAN without breaking RFC on relatively basic protocols like DNS.

All I want DNS to do is return the IP address for a given hostname, or an NXDOMAIN if that hostname does not exist. You know, just those things it was designed and intended to do. Anything else is beyond the scope of DNS.

If you are worried about phishing, the solution is to stop giving your account information to every unverifiable random stranger who asks for it. Seriously if you can't understand why that's a bad idea, and really have no clue/savvy/street-wisdom about these matters, you have far bigger problems than a new DNS service is going to solve. If you are worried about parental controls, the solution is to be involved in your childrens' lives and teach them what is and is not acceptable, and perhaps if you think it is appropriate to install software designed for this purpose that manages to accomplish its tasks without usurping DNS (if they can defeat those, they can also change the default DNS server so no, OpenDNS is not a magic substitute for being a parent either).

I mean if you think OpenDNS is greater than sliced bread by all means use it. Your decision to use it meets the minimum standard for decency in that it does not affect my experience against my will. Nor am I trying to tell you that you shouldn't use OpenDNS. It's just that the whole "managed experience" deal never appealed to me, no matter what the subject is, no matter who does the managing. It most strongly appeals to those who want someone else to worry about what are really their own problems and are willing to cede to third parties the tremendous level of trust/influence this type of solution requires.

Screw your ISP's DNS servers. Just do not use them . Join OpenDNS. It's free. Then, use their DNS servers (208.67.222.222 and 208.67.220.220) instead.

Granted, this won't stop weird stuff happening if you mistype a domain name in a URL. But, AFAIK, OpenDNS doesn't serve up a page of affiliate links (they do serve up a list of links, but the spellings are obviously close to what you misspelled/mistyped -- once you switch to OpenDNS, try going to this site to see what I mean). And they definitely do not change links or banners in Web pages.

To somewhat get around the misspelling issue, use your hosts file. If you consistently misspell/mistype a domain name, enter that misspelling into your hosts file mapped to the correct IP address. Indeed, you could enter a whole group of likely misspellings for a domain name and map them all to the correct IP address. You're address bar will start to act like Google's search bar. Better yet, proofread what you've typed into the address bar before hitting or clicking Enter. Wait, this is /. Never mind... ;-)

If you use a hosts file like the one provided by winhelp2002, you will also be protected from a large number of malware/tracker sites. The hosts file you can download from winhelp2002 maps the domain names of known malware/tracker sites to 127.0.0.1. And, they update the downloadable hosts file regularly. Again, a free service.

1. In the footer of every page: 208.67.222.222 and 208.67.220.220. You don't need to register or anything like that to actually use it.
2. It is a little weird that way, and as asdf7890 noted, they even do NXDOMAIN redirects. But I think their benefits (here) have to be weighed against that. Being up-front about their business model can't be ignored, either.

Doesn't OpenDNS return bogus results for what should be NXDOMAIN responses? http://www.opendns.com/home/basic/ suggests so with "The customizable OpenDNS Guide page appears when you try to access a non-existent website and displays relevant search results to help you get where you want to go" and no hint that it can be turned off (at least on the basic account).

I've been using Google's DNS service (8.8.8.8 and 8.8.4.4) since a little problem with my last ISP's servers one day last year, and they honour NXDOMAIN correctly.

Everybody loves OpenDNS?

Which is a ZEUS botnet variant, albeit for "smartphones" (specifically ANDROID iirc):

http://www.google.com/search?hl=en&source=hp&q=ZITMO&btnG=Google+Search

SO, how to do THAT?

Well, use a custom HOSTS file on ANDROID

(Albeit, a modified one, filled with entries blocking out known bad sites/servers/hosts-domains that serve up malware like this, + their botnet C&C servers too):

ANDROID phones can also use the HOSTS FILE TO KEEP DOWN BILLABLE TIME ONLINE, vs. adbanners or malware such as this:

---

Infected Androids Run Up Big Texting Bills:

http://it.slashdot.org/story/11/03/01/0041203/Infected-Androids-Run-Up-Big-Texting-Bills

---

It's easily done too, via the ADB dev. tool (Android Debug Bridge):

---

1.) Mount ANDROID OS' system mountpoint for system/etc as READ + WRITE/ADMIN-ROOT PERMISSIONS

2.) Copy over your new custom HOSTS over the old one using ADB PULL/ADB PUSH to do so

(Otherwise ANDROID complains of "this file cannot be overwritten on production models of this Operating System", or something very along those lines - this way gets you around that annoyance along with you possibly having to clear some space there yourself if you packed it with things!).

---

* DONE, & "easy as apple pie"...

APK

P.S.=> And, IF POSSIBLE? Also, alter your DNS servers to DNSBL filtering ones!

E.G.-> These 3 are really good vs. malware + phishing exploiters online:

Some DNS servers are "really good stuff" vs. phishing, known bad sites/servers/hosts-domains that serve up malware-in-general & malicious scripting, botnet C&C servers, & more, such as:

Norton DNS -> http://nortondns.com/
ScrubIT DNS -> http://www.scrubit.com/
OpenDNS -> http://www.opendns.com/

(Norton DNS in particular, is exclusively for blocking out malware, for those of you that are security-conscious. ScrubIT filters pr0n material too, but does the same, & OpenDNS does phishing protection. Each page lists how & why they work, & why they do so. Norton DNS can even show you its exceptions lists, plus user reviews & removal procedures requests, AND growth stats (every 1/2 hour or so) here -> http://safeweb.norton.com/buzz so, that ought to "take care of the naysayers" on removal requests, &/or methods used plus updates frequency etc./et al...)

HOWEVER - There's ONLY 1 WEAKNESS TO ANY network defense, including HOSTS files (vs. host-domain name based threats) & firewalls (hardware router type OR software type, vs. IP address based threats): Human beings, & they not being 'disciplined' about the indiscriminate usage of javascript (the main "harbinger of doom" out there today online), OR, what they download for example... & there is NOTHING I can do about that! (Per Dr. Manhattan of "The Watchmen", ala -> "I can change almost anything, but I can't change human nature")

HOWEVER AGAIN - That's where NORTON DNS, OpenDNS, &/or ScrubIT DNS help!

(Especially for noob/grandma level users who are unaware of how to secure themselves in fact, per a guide like mine noted above that uses "layered-security" principles!)

ScrubIT DNS, &/or OpenDNS are others alongside Norton DNS (adding on phishing protection too) as well!

( & it's possible to use ALL THREE in your hardware NAT routers, and, in your Local Area Connection DNS properties in Windows, for again, "Layered Security" too)...

HOWEVER:

This I have NOT tried on ANDROID, as I have with HOSTS files, but since it's doabl

Norton DNS does http://nortondns.com/ can be a GREAT thing to help stall, or even stop, the malware problem online.

They filter on "malware-in-general" such as KNOWN bad sites/servers/hosts-domains, botnet C&C servers, & even bogus DNS servers by default (and their updates every few minutes for continuously updated protection are here http://safeweb.norton.com/buzz with site-checkers & even a removal appeals process etc./et al... IF a site does "clean up its act" etc. )

Another decent set of these are:

---

ScrubIT DNS -> http://www.scrubit.com/

&

Open DNS -> https://store.opendns.com/get/basic (with built in phishing protection even in the FREE basic model)

---

I use all 3 @ once in my NAT stateful packet inspecting Linksys/CISCO router + my IP stack setup for my Local Area Connection here... in layered security fashion!

* Each as a write up on how they work, why they help, & more... enjoy!

APK

P.S.=> Between the layering of Filtering DNSBL utilizing DNS servers listed above, because I use them ALL in "layered-security fashion" in both my routers & IP stack setup here in Windows, in combination with:

---

1.) A custom HOSTS file ( currently with 1,494,865++ entries of known bad sites/servers/hosts-domains, botnet C&C servers, & even rogue DNS servers blocked in it currently & growing "automagically" from 17 reputable & reliable sources for that type of data for HOSTS as well as DNSBL lists here from a Python script that does so for me),

and

2.) IP addressed threats inserted into my router & software firewalls

3.) And lastly, system security-hardening, in depth -> http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

---

?

I haven't caught a "malware of any kind" infection/infestation since, oh, around 1996 or so in fact!

"Layered security", the best thing we have going currently, really WORKS!

... apk

Google DNS OpenDNS

You're missing the fact that your laptop, server, or ISP can remember the DNS resolver addresses.

But if I forget the DNS resolver addresses, and I'm on a system that has never remembered the addresses in the first place, how do I look them up without already having working DNS? At least under IPv4, it's easier to remember the IPv4 addresses of Google Public DNS or OpenDNS in my head than to remember to carry a USB flash drive containing a text file of the addresses. And it's a lot cheaper to remember the IPv4 addresses in my head than to subscribe to smartphone service, which according to Sprint and T-Mobile costs $65 per month more than my current cell phone service through Virgin Mobile USA.

You might assume that I am unlikely to run into a system that has never remembered the addresses in the first place. But I often troubleshoot problems with Internet access for family members, and many of these problems come from problems with the DNS server whose IPv4 address the ISP has provided through DHCP. For example, not only does Comcast hijack NXDOMAIN responses to its own "Comcast Domain Helper service" advertising pages, but in a lot of cases, Comcast's DNS servers intermittently forget that a subscriber's account is still subscribed and acts as a captive portal to the "self-install" setup page where the user can download a Windows executable file to configure the modem for a first-time installation. Hardcoding Google Public DNS solves this problem every time.

There's something very wrong if you have to type public DNS server addresses often enough that memorization is a big help. However, even in that case, I don't think IPv6 is necessarily more burdensome. For example, compare OpenDNS's IPv4 vs. IPv6 addresses. Is it harder to remember "2620:0:ccc::2" than "208.67.220.220"? I think I'd actually prefer the former since it has letters as well as numbers.

Another subtlety that I'd forgotten is that nothing in the DNS protocol prevents queries over IPv4 from being answered with AAAA IPv6 records or queries over IPv6 from being answered with IPv4 A records. Google Public DNS explicitly supports queries for AAAA records even though the service itself is only available via IPv4. The addresses you've already memorized (8.8.8.8 and 8.8.4.4) will work fine for looking up IPv6 addresses.