• [$] System-wide encrypted DNS

    From LWN.net@1337:1/100 to All on Wednesday, May 28, 2025 15:00:09
    [$] System-wide encrypted DNS

    Date:
    Wed, 28 May 2025 13:55:44 +0000

    Description:
    The increasing sophistication of attackers has organizations
    realizing that perimeter-based security models are inadequate. Many
    are planning to transition their internal networks to a zero-trust
    architecture. This requires every communication on the network to
    be encrypted, authenticated, and authorized. This can be achieved in
    applications and services by using modern communication
    protocols. However, the world still depends on Domain Name System
    (DNS) services where encryption, while possible, is far from being the
    industry standard. To address this, we, as part of a working group at
    Red Hat, worked on fully integrating encrypted DNS for Linux
    systems, not only while the system is running but also during the
    installation and boot process, including support for a custom
    certificate chain in the initial ramdisk. This integration is now
    available in CentOS Stream 9, 10, and the upcoming
    Fedora 43 release.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1021357/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)