Google Developing IETF-Standard "DNS-over-TLS" for Android (AOSP)

That sounds nerdy. Why should I care about DNS-over-TLS?


Tech | Oct. 24, 2017


Google. They are so effing wily. Without fail, they come through with some of the most innovative "perks" to come into the devices we'll coddle on a day-to-day basis. So much so that the other "big brand" (You know who. Teehee.) painstakingly cherry-picks the best features and includes them in the next update. Though, I gotta say, this one has almost any competitor beat. In the increasingly aware age that we live in, security is becoming more and more of a need, desire, and art form. SSL (the little 'https' in front of a URL, the little lock logos, green "SECURE" banners in your address bar) encrypts your data (or what we call "transactions") between your browser and the server, so those "l33t 4ack3rz" can't easily sniff your information, like credit card, banking, and other personal info.

Most would even take a step further and use a VPN, or Virtual Private Network, to help themselves sleep a little easier at night. Obviously not all of us are able to use a VPN, but an SSL (Secure Sockets Layer) / TLS (Transport Layer Security) encrypted connection is, for many, the way to go on a day-to-day basis. For many good reasons. Keeping your private information out of the hands of random internet jerks is probably one of the first things you should be worried about, but alas, most sites now are encrypted as such, and you don't need to worry about it as much as you did a few years ago.

What about your DNS transactions though? 

 

"DNS is not something I have to worry about... I am encrypted!"

 

Unfortunately, that is not the case. DNS, or Domain Name System, is one of the backbones of "das interwebz". Without getting too technical (trust me. I will get VERY technical about DNS in a future article), DNS acts as the internet's phonebook. Every time you type a web address, say "google.com" into your address bar, a DNS server gets shot a query asking what the IP address of that server is. This helps us use the internet the way that we do. Imagine if you had to remember EVERY SINGLE phone number in your contact list, instead of just searching by name. It's pretty much like that without DNS.

DNS queries, by their nature, are sent via UDP (User Datagram Protocol) or TCP (Transmission Control Protocol), totally unencrypted. That's right; your SSL/TLS connection to your favourite website is not stopping anyone in betwixt from reading the transactions between you and any given DNS server. Basically, I can't see what you are doing in the building, but I can see every single building you go into.

This is where the approach of DNS-over-TLS comes in. It is a standard proposed by the Internet Engineering Task Force, a voluntary consortium that helped consolidate the standards that make what we call "The Internet" run. Google has stepped up to the plate and decided to start coding up the DNS-over-TLS standard proposed by the IETF (officially known as RFC 7858) into their newest Android devices. Hold your horses, though; it's not officially ready for beta yet, but considering how fast The Google tends to take care of things, I think we can expect to see it hit AOSP devices and most *nix systems (hopefully) within the next 12 months, at least in beta form.
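To make the "I can see every building you go into" point concrete, here is an added example (not from Google's AOSP code or from the RFC text): it builds a plain DNS query, recovers the name from the raw bytes the way any box on the path could, and shows the two-byte length framing that RFC 7858 sends inside TLS on port 853. The function names and the `resolver_ip` / `resolver_hostname` parameters are assumptions made up for this sketch; `query_over_tls` needs a real DoT resolver that you supply.

```python
import socket
import ssl
import struct

DOT_PORT = 853  # port assigned to DNS-over-TLS by RFC 7858


def build_query(name, qtype=1, txid=0x1234):
    """Build a plain DNS query (RFC 1035 wire format); qtype 1 is an A record."""
    # Header: id, flags (recursion desired), 1 question, no other records.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def observed_name(packet):
    """Recover the queried name from raw bytes, as any on-path device can."""
    labels, pos = [], 12  # the question section follows the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question section")
        length = packet[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(packet):
            raise ValueError("bad or truncated label")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length


def frame_for_dot(packet):
    """DoT reuses DNS-over-TCP framing: 2-byte big-endian length, then message."""
    return struct.pack("!H", len(packet)) + packet


def query_over_tls(packet, resolver_ip, resolver_hostname):
    """Send one query inside TLS; the caller supplies the resolver (assumption)."""
    ctx = ssl.create_default_context()  # verifies the resolver's certificate
    with socket.create_connection((resolver_ip, DOT_PORT), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=resolver_hostname) as tls:
            tls.sendall(frame_for_dot(packet))
            with tls.makefile("rb") as reply:
                (length,) = struct.unpack("!H", reply.read(2))
                return reply.read(length)


# Constructed sample: the bytes a classic UDP lookup for google.com would carry.
SAMPLE = build_query("google.com")
```

With plain DNS, `observed_name(SAMPLE)` hands the hostname to anyone who can see the packet; with DoT the same bytes travel inside the TLS session, so an observer sees only a connection to the resolver on port 853.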

There are some caveats (handshakes are still clear-text, not encrypted end-to-end), but if you are that worried about it, then a VPN is what you should probably be using. Nevertheless, this is a wonderful step forward for the open-source community and helping to set better security standards as a whole. 

 

If you want to read more about IETF, Google's Android Open Source Project (AOSP), or in particular, RFC 7858, check the links below:

- Internet Engineering Task Force - http://ietf.org/

- Google AOSP - https://source.android.com/

- RFC 7858 - https://datatracker.ietf.org/doc/rfc7858/

 

Thanks for reading! I will be writing plenty more in the future. So, yeah; hope you are ready to "get your nerd on"...

 

 


 

---------------------

Image Attribution:

"DNS" by Creative Stall from the Noun Project

"ssl lock" by Kirby Wu from the Noun Project

 

ABOUT ME



Hi! I am Ronin Dusette. I have many passions; photography, technology, music, travel, martial arts, gaming, cooking... Just whatever tickles my fancy. When I am out on adventures, I have things I would like to share, which is why I created this blog. From visual art, cooking and tech tips, and pretty much anything else I can think of to write will be verbally and visually painted here on this canvas. I hope you enjoy following me on my journey through life. Engage in conversations with me, ask questions, share your thoughts and art. I hope you enjoy what you see here. Thanks for visiting!

