Behold - the CIRA Canadian Shield

There's my answer:

Where do you get your threat intelligence?

CIRA works with Akamai, a global provider of internet technology. They are responsible for over 30% of all traffic on the internet and 4% of all global DNS queries (yes, that is billions and billions of queries). Anytime a DNS lookup is performed for the very first time anywhere, it is automatically quarantined and inspected. If it is determined to be malicious, then it is added globally to the block list. Machine learning and AI are also used to detect patterns in seemingly unrelated DNS lookups to detect and block malicious activity. Many botnets use algorithmically generated domain names to function, and many have been reverse engineered so that the malicious domains are automatically on the list. And finally, the service incorporates 3rd party feeds from both commercial cybersecurity vendors and the open source community.

Notably, while the threat detection is global, the service is only delivered from servers located in Canada and managed by CIRA.

EDIT:
And color me impressed:

Does CIRA support DNS over TLS (DoT) and DNS over HTTPS (DoH)?


Yes. Both DNS encryption standards are supported.
 
>>Built by Canadians for Canadians

Finally! That should keep all that Canadian data from clogging up our Internet! :D

OE
 
So... anybody tried it yet? :)
 
I set it up a month or more ago. No issues that I am aware of. Didn't notice anything being blocked so far either, not that I've tried any specific tests.
 
Anyone set this up with DoT or even DoH?

I cannot seem to find any info on their website with instructions on how to set up.

Set it up where?

The link I posted does contain instructions for multiple platforms.
 
On an 86u running 394.19. There do not appear to be any instructions on setting up DoT, just platform-specific instructions for setting up their non-encrypted DNS.
 
Thank you Sir! Was browsing from my phone and did not realize I could scroll that table to the right for the DoT specific info. Works like a charm.
If you like that, you should consider setting up unbound, which makes you your own DNS... assuming you're running Merlin's firmware.
 
I would rather someone else own the DNS like QUAD9. When problems happen with DNS I don't want to be exposed until someone can write a fix for me which may take weeks. I will never run unbound as I don't want that much responsibility.
 
If unbound fails, there is a fallback where you can set CIRA, Google, Quad9, Cloudflare... otherwise your network wouldn't resolve anything.
 

Wondering if anyone has tried using this DNS service. I'm currently using the alpha (386.1) firmware and I see there are more options now to pick from (DoT).

Any thoughts??
 
I've been using the "family" level DNS filtering since it was announced and have not experienced any issues. It has performed as expected.
 
I've been testing the "protected" DNS servers for the last day and things are running well.

Part of it was that when I ran the test for SAD DNS, the previous DNS servers I'd configured didn't pass, but these did :)

Thanks again for the note about these @RMerlin !
 