DNSCrypt

For discussions about security.
Post Reply
Message
Author
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

DNSCrypt

#1 Post by labbe5 »

http://digital-era.net/encrypt-dns-traf ... position=1

DNSCrypt is a protocol for securing communications between a client and a DNS resolver, preventing spying, spoofing or man-in-the-middle attacks. To use it, you’ll need a tool called dnscrypt-proxy, which “can be used directly as your local resolver or as a DNS forwarder, authenticating requests using the DNSCrypt protocol and passing them to an upstream server“.

According to Pascal, he didn’t use the US based OpenDNS resolver, because it keeps logs of the websites you visit and it hijacks the homepage on all browsers, redirecting any URL bar search to its own servers in some cases, which does not happen with the DNSCrypt.eu servers.

With this app, we are a step closer to surfing the Web without corporate or government monitoring, and making it more difficult for hackers.

A move in the right direction to make the internet a more safer place for us all.

For more information about DNSCrypt, click the link above. The article is about Ubuntu, but the app being open source, any developer can make it work on any Linux OS.

Scooby
Posts: 599
Joined: Sat 03 Mar 2012, 09:04

#2 Post by Scooby »

Tried it and I liked it.

Theres is a bit of lag, not much but noticeable.
I'm using a server in my own country

Maybe it could be sped up using dnscaching

from arch wiki
It is recommended to run DNSCrypt as a forwarder for a local DNS cache, otherwise every single query will make a round-trip to the upstream resolver. Any local DNS caching program should work, examples below show configuration for Unbound and dnsmasq.
Will definetly try this and I will use it by default

link below to possible dnscrypt-resolvers

https://raw.githubusercontent.com/jedis ... olvers.csv

Is tor using it?
No it seems it doesn't need to since DNS resolves are done on the exit node side

Thank you for some good posts labbe, keep it up :D

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#3 Post by Flash »

How does DNSCrypt "make it more difficult for hackers?" Or would you have to shoot me if you told me? :roll:

Scooby
Posts: 599
Joined: Sat 03 Mar 2012, 09:04

#4 Post by Scooby »

if you switch from a dns provider who happily
provides info to your own evil government empire
to one without logs it seems to me anotherway
of terrorizing my privacy is plugged.

I don't want the government to install
microphones in my bedroom so I for me it's
natural for not wanting them to do it on my comp
it' the same

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#5 Post by 8Geee »

Well, one could snip the wires to the installed microphone in a computer. As long as the microphone port still works so you can add one, OR NOT.
Netbooks are notorious of installing mic's. Snip-snip its gone.
I'd be more concerned about cameras, now THERE's intrusion.
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Post Reply