Hello, welcome to the Wednesday, May 30th, 2018 edition of the Sansonet Storms, Stormcast. My name is

Johannes Ulrich and I'm recording from Jacksonville, Florida. Recently, I have been seeing more and more

talk about two different DNS features. So I wrote them up with a little bit of real packet captures in case someone is interested in them.

First feature is DNS cookies.

That's supposed to replace or at least augment DNS sec somewhat.

DNS sec, of course, is not all that easy to set up DNS cookies, set themselves up pretty much

automatically.

So the hope is that it's safe enough and a lot easier to deploy than DNSSEC.

Now Ubuntu 18.04 LTS, which was just released, has this feature enabled by running the latest version

of Bind. The other issue DNS over TLS has gotten a real big boost recently with Cloud

Flair supporting it on their Quad quad one DNS servers that data deployed.

Another issue that probably helps with DNS over TLS is that the very popular DNS forwarder

Unbound supports it. Unbound is pre-installed in many Linux and BSD-based firewalls.

So if you have one of them, it may be possible to enable it on your firewall.

The advantage of DNS over TLS is privacy.

It doesn't really protect anybody from reflective attacks or from spoofing, but it does protect

the connection from the client to the respective recursive name server, which of course

in this case would probably be Cloudflare's name server.

But well, enough about DNS, let's take a look at other news.

Apple today released an update for iOS and

watchOS as well as for iTunes and TV OS. Notably missing here is Mac OS. The main focus here

was a set of new features around iOS. Now, the problem is that these patches,

...