@Voxel: Any chance of getting this into your firmware? 
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
DNS-over-TLS?
- Thread starter ajp2k14
- Start date
Voxel
Part of the Furniture
@Voxel: Any chance of getting this into your firmware?
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
Do you think it is better than dnscrypt-proxy? IMO dnscrypt-proxy is good enough and provides good privacy for your DNS queries.
Voxel.
I don't know to be honest? I know Dnscrypt isn't a proper standard but I'm not sure uf DNS-over-TLS is either? Anyway, I'm using Quad9 DNS right now and they haven't implemented Dnscrypt yet, only DNS-over-TLS, they are looking into it however. The problem I have with Dnscrypt is that many of the servers seem a bit unstable, sometimes they don't resolve certain hostnames etc and some of them like dnscrypt.eu-dk doesn't work at all for me anymore..
Killhippie
Senior Member
Quad9 DNS has its own issues I think considering its set up with the City of London Police as a founding organisation, which then makes me think of GCHQ etc. I'm quite happy with my ISP's DNS (Idnet) and a VPN. I know my information is stored etc but the VPN gives me the privacy I want and IDnets DNS servers are very reliable and they use DNSCrypt as well.
Last edited:
I didn't know City of London Police was involved, thanks! That alone makes me a bit uneasy cosidering the where the UK seems to be heading...
Not sure I want to use my ISP DNS even though I use a Pi-Hole to filter ads etc but I know a couple of local VPN providers which provide a public non-logging DNS I could use, those are not Dnscrypt though. I don't run a VPN client on my router so I would like all my network to be as protected as possible...
Killhippie
Senior Member
Some info about Quad9 and a quote from the article. "The Alliance (GCA) was co-founded by the City of London Police, the District Attorney of New York County and the Center for Internet Security"I didn't know City of London Police was involved, thanks! That alone makes me a bit uneasy cosidering the where the UK seems to be heading...
Not sure I want to use my ISP DNS even though I use a Pi-Hole to filter ads etc but I know a couple of local VPN providers which provide a public non-logging DNS I could use, those are not Dnscrypt though. I don't run a VPN client on my router so I would like all my network to be as protected as possible...
https://www.theregister.co.uk/2017/11/20/quad9_secure_private_dns_resolver/
Some info about Quad9 and a quote from the article. "The Alliance (GCA) was co-founded by the City of London Police, the District Attorney of New York County and the Center for Internet Security"
https://www.theregister.co.uk/2017/11/20/quad9_secure_private_dns_resolver/
Yes, that's the one that came up when I searched for it after you told me about it! I usually read The Reg articles so I don't know how I missed that one. Never saw those details before in all the press releases... *puts on tinfoil hat*
Voxel
Part of the Furniture
Well, I personally use dnscrypt-proxy to keep my privacy. I hope I do not do something illegal to hide my activity in Internet for my ISP or for others including government services, but I just want to use my human rights for keeping my privacy. Although I know that it is worldwide tendency to make our activity in Internet traceable for government services.
I checked you are right, dnscrypt.eu-dk really unreachable now. It is why I suggest to use at least 3-4 servers, not single one. I use six and all of them are in different countries.
IMO the best way to break your privacy is to organize for you own service for “keeping privacy” with full access to your secrets.
I'd like to get more arguments Stubby vs dnscrypt-proxy to include it into FW.
Voxel.
I checked you are right, dnscrypt.eu-dk really unreachable now. It is why I suggest to use at least 3-4 servers, not single one. I use six and all of them are in different countries.
IMO the best way to break your privacy is to organize for you own service for “keeping privacy” with full access to your secrets
.I'd like to get more arguments Stubby vs dnscrypt-proxy to include it into FW.
Voxel.
Well, I personally use dnscrypt-proxy to keep my privacy. I hope I do not do something illegal to hide my activity in Internet for my ISP or for others including government services, but I just want to use my human rights for keeping my privacy. Although I know that it is worldwide tendency to make our activity in Internet traceable for government services.
I checked you are right, dnscrypt.eu-dk really unreachable now. It is why I suggest to use at least 3-4 servers, not single one. I use six and all of them are in different countries.
IMO the best way to break your privacy is to organize for you own service for “keeping privacy” with full access to your secrets
I'd like to get more arguments Stubby vs dnscrypt-proxy to include it into FW.
Voxel.
Yeah too bad, dnscrypt.eu-dk was very fast for me. I've dropped them an email asking what's up. I'll certainly consider using multiple dnscrypt servers, I just want servers which are as close as possible to my location so the latency is reduced.
I'm not overly concerned about spying and monitoring of my internet activity because I live in a country which is pretty decent in that regard but still you never know...
Here's another DNS-over-TLS..
https://tenta.com/dns-setup-guides
I believe Google is going to implement DNS-over-TLS on Android in the near future?
Voxel
Part of the Furniture
There is a checker to test what server(s) is(are) best for you (should be run from Windows):
https://github.com/bitbeans/dnscrypt-measurement
it requires dnscrypt-resolvers.csv. Latest is available from this link:
https://github.com/jedisct1/dnscrypt-proxy/raw/master/dnscrypt-resolvers.csv
You can check for an alternative of dnscrypt.eu-dk.
Voxel.
Thanks, much appreciated!
Is there a way to update resolvers.csv in your firmware? I know there were some updates lately...
Voxel
Part of the Furniture
Usually I include latest version to my release.
You can copy fresh downloaded resolvers.csv manually (from telnet/ssh console) e.g. from USB stick, something like:
Code:
/etc/init.d/dnscrypt-proxy stop
cp /mnt/sda1/dnscrypt-resolvers.csv /usr/share/dnscrypt-proxy/
/etc/init.d/dnscrypt-proxy startVoxel.
Excellent, thanks for the help!
Well, I personally use dnscrypt-proxy to keep my privacy. I hope I do not do something illegal to hide my activity in Internet for my ISP or for others including government services, but I just want to use my human rights for keeping my privacy. Although I know that it is worldwide tendency to make our activity in Internet traceable for government services.
I checked you are right, dnscrypt.eu-dk really unreachable now. It is why I suggest to use at least 3-4 servers, not single one. I use six and all of them are in different countries.
IMO the best way to break your privacy is to organize for you own service for “keeping privacy” with full access to your secrets
I'd like to get more arguments Stubby vs dnscrypt-proxy to include it into FW.
Voxel.
@Voxel I just tried dnscrypt.eu-dk on a Raspberry Pi with dnscrypt and it looks like it's working fine, any idea why?
Voxel
Part of the Furniture
Similar threads
Latest threads
-
-
Release ASUS RT-BE96U Firmware version 3.0.0.6.102_37024 (10/23/2024)- Started by DMcD-EMS-USMC
- Replies: 0
-
-
-
BQ16 pro - best solution for me
- Started by coaltrans
- Replies: 2
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!