• [$] System-wide encrypted DNS

    From LWN.net@86:200/23 to All on Thu May 29 06:40:08 2025

    The increasing sophistication of attackers has organizations
    realizing that perimeter-based security models are inadequate. Many
    are planning to transition their internal networks to a zero-trust
    architecture. This requires every communication on the network to
    be encrypted, authenticated, and authorized. This can be achieved in
    applications and services by using modern communication
    protocols. However, the world still depends on Domain Name System
    (DNS) services where encryption, while possible, is far from being the
    industry standard. To address this, we, as part of a working group at
    Red Hat, worked on fully integrating encrypted DNS for Linux
    systems, not only while the system is running but also during the
    installation and boot process, including support for a custom
    certificate chain in the initial ramdisk. This integration is now
    available in CentOS Stream 9, 10, and the upcoming
    Fedora 43 release.

    https://lwn.net/Articles/1021357/