Configuring DNS-over-TLS on macOS

Note: this post has been updated to fix a mistake in the knot-resolver configuration. The earlier version would not have provided the privacy it purported to. I regret the error.

Until yesterday I hadn’t thought too much about DNS metadata leakage. Here’s how it works: your computer sends out a request to resolve a DNS hostname, let’s say “topsecretwebsite.example,” and your DNS server responds back with its IP address. Both the question and the answer travel as plain UDP datagrams on port 53, so anyone on the network path (the coffee-shop Wi-Fi, your ISP, a compromised router) can read the hostname straight out of the packet and log which sites you visit. It’s wild that the Internet works like this by default.

What happened yesterday is a company called CloudFlare (a popular and free content delivery network) announced a new DNS service at the IP address (Yes, it launched on April 1; no, it’s not a joke.) The service supports a couple of interesting privacy-protecting options: DNS-over-HTTPS (the same DNS messages carried inside an HTTPS connection) and DNS-over-TLS (the same messages carried over a TLS connection to port 853). Those technologies don’t guarantee your DNS lookups are accurate (check out DNSSEC for that), or that the DNS provider won’t someday betray you: the resolver still sees every name you ask about. They just make it harder for anyone else to collect metadata by listening in on DNS’s cleartext port 53.
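To make the leak concrete, here is an added example (my own code, not from the original post or from CloudFlare) that builds the query for “topsecretwebsite.example” the way a stub resolver would, shows what an on-path observer reads out of the cleartext port-53 datagram, and then frames the identical message for DNS-over-TLS (RFC 7858: a two-byte length prefix, sent inside a TLS session to port 853). The query bytes are constructed inline; the resolver address and TLS server name for the optional live lookup are parameters you supply, since none are assumed here.

```python
"""DNS metadata leakage on the wire: cleartext UDP/53 vs. DNS-over-TLS framing.

Constructed example. The query is built locally from the RFC 1035 wire
format; nothing is sent unless query_over_tls() is called explicitly.
"""
import socket
import ssl
import struct


def encode_name(name: str) -> bytes:
    """RFC 1035 label encoding: each label is length-prefixed, terminated by 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Minimal recursion-desired query for one record (qtype 1 = A), class IN."""
    # id, flags (RD set), qdcount, ancount, nscount, arcount
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def eavesdrop(datagram: bytes) -> str:
    """What a passive observer learns from a cleartext port-53 datagram:
    the full query name, read directly from the question section."""
    qdcount = struct.unpack("!H", datagram[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        length = datagram[pos]
        pos += 1
        if length == 0:
            break
        if length >= 0xC0:
            raise ValueError("compression pointers do not appear in a plain query")
        labels.append(datagram[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels)


def frame_for_tls(message: bytes) -> bytes:
    """RFC 7858 / RFC 1035 section 4.2.2: prefix the message with its 16-bit length.
    The observer sees only TLS records to port 853, never these bytes."""
    return struct.pack("!H", len(message)) + message


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection early")
        buf += chunk
    return buf


def query_over_tls(resolver_ip: str, server_name: str, name: str,
                   timeout: float = 5.0) -> bytes:
    """Send one query over DNS-over-TLS and return the raw response message.
    resolver_ip and server_name are supplied by the caller (assumption: the
    resolver presents a certificate valid for server_name on port 853)."""
    query = build_query(name)
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((resolver_ip, 853), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame_for_tls(query))
            length = struct.unpack("!H", _recv_exact(tls, 2))[0]
            response = _recv_exact(tls, length)
    if response[:2] != query[:2]:
        raise ValueError("transaction id mismatch in response")
    return response


if __name__ == "__main__":
    q = build_query("topsecretwebsite.example")
    print("cleartext datagram:", q.hex())
    print("observer recovers:", eavesdrop(q))
    print("DoT frame (inside TLS):", frame_for_tls(q)[:2].hex(), "+ same message")
```

Running the module prints the 42-byte datagram and the name an eavesdropper recovers from it; `query_over_tls()` performs the same lookup over port 853 when you pass it a DoT resolver’s address and the hostname on its certificate. Note that `create_default_context()` validates the resolver’s certificate, which is the part that stops a hostile network from simply impersonating the resolver; without that check DoT would hide the query from passive observers but not from an active one.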

Making websites with WordPress

Tonight I’ll be giving an introductory presentation on using WordPress as part of the Trade School workshop series. Unfortunately my session is already full, but I’d like to do this again in the future (perhaps for The Public School?). In any case, here are my presentation slides (pdf).

Trade School has an interesting model: students bring an item or perform a task in exchange for the teacher’s time. In my case these objects (no tasks in my case) fall into two categories: personal enjoyment and materials for my projects. They range in “material value,” but the point for me isn’t so much that I get a fair exchange. Besides, our society is really bad at arriving at a reliable price on education.

