Executive Order 14144 - encrypted DNS
Carlos Horowicz
carlos at planisys.com
Mon Jan 27 13:02:44 UTC 2025
IMHO this has nothing to do with DNSSEC; it sounds more like the urge to
encrypt resolver traffic (I guess they're referring to DoT).
On 27/01/2025 13:55, Marc wrote:
>> FYI - EO 14144 has the following provision related to encrypting DNS:
>>
>> (c) Encrypting Domain Name System (DNS) traffic in transit is a critical
>> step to protecting both the confidentiality of the information being
>> transmitted to, and the integrity of the communication with, the DNS
>> resolver.
>> (i) Within 90 days of the date of this order, the Secretary of
>> Homeland Security, acting through the Director of CISA, shall publish
>> template contract language requiring that any product that acts as a DNS
>> resolver (whether client or server) for the Federal Government support
>> encrypted DNS and shall recommend that language to the FAR Council.
>> Within 120 days of receiving the recommended language, the FAR Council
>> shall review it, and, as appropriate and consistent with applicable law,
>> the agency members of the FAR Council shall jointly take steps to amend
>> the FAR.
>> (ii) Within 180 days of the date of this order, FCEB agencies
>> shall enable encrypted DNS protocols wherever their existing clients and
>> servers support those protocols. FCEB agencies shall also enable such
>> protocols within 180 days of any additional clients and servers
>> supporting such protocols.
>> ....
> Disclaimer, not really a DNS expert
>
> What is this referring to, DNSSEC? AFAIK it is just signing traffic, no? What is the point of encrypting data with the current implementation of certificates? Even Google does not trust CAs with its certificate pinning.
>
>