It depends on if you believe the DNSCrypt resolvers file. There is a flag that indicates if the server is 'logging' or 'non-logging'. When I implemented it in my fork, I put in a filter for this in the server selection.
View attachment 11618
## Require servers defined by remote sources to satisfy specific properties
# Server must support DNS security extensions
require_dnssec = false
# Server must not log user queries
require_nolog = false
# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = false
There's a link 'Watch thread' on the upper right corner if you just want to receive notifications from a thread, without posting.
I understand what your saying, but don't fully agree on the privacy part. At least it keeps my nosy ISP from keeping a tap on my DNS queries and it validates lookups. Having said that, OpenDNS, nowadays owned by Cisco (which is not particularly a non-dominant player imho) still offers no support for DNSSEC, as far as I'm aware, yet fully supports DNSCrypt (which they introduced) and webbased content filtering. Using Cisco DNS is fully anonymous, unless you decide otherwise by creating an account to personalize your content filtering settings. There are ways to opt-out of non-anymous data collection, based on new legislation, but I feel no need to do so myself, as that's the consequence of enabling OpenDNS stats.[/QUOTE
Keep in mind that nothing on the Internet is free. Cisco data mines your DNS requests at the server (encrypted or not on the way there) for their cloud and system based DPI.
/dedd
Has he implemented the option to ignore timestamps from certs yet? That is necessary to properly integrate it for embedded devices without a RTC.
Link fixed in the installer.Note of the timeout in the toml file seems to indicate that if there is no queries , it will terminate the dnscrypt-proxy. Default is 2500. I set to 4500. I think the process timeout when I set the cert refresh to 60min instead of 30 min.. the 2500 (41.67min) timeout and terminate the process.
I will monitor again.
@bigeyes0x0 , can u not that the existing installer is using old link to csv.
New link is
https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v1/dnscrypt-resolvers.csv
@sfx2000 Thank you for your extensive reply. I know you're right. At least theoretically and technically. There are differences though, because in the EU we have (at least for now) different legislation. I've been a jr. security officer for one of the largest Dutch internet Service Providers for several years, even though it's some time ago, before 9/11 that is.
Tapping customer traffic at ISP level is still bound to very strict rules. It's some time ago it was my daytime job and things have changed, but they're still not allowed to do so without permission from a magistrate, judicial authorization is mandatory. Authorization will only be given if it involves a fellony punishable by at least a 4 years sentence. After 9/11 it has become somewhat easier to get a court order to do so, however taps are nowadays being placed using a mobile interception system owned by the Dutch National Police, configured and only accessible by a member of the cybercrime unit of the Dutch National Police. Even the ISP doesn't get to see the information intercepted (which wasn't the case when I did it back then, as I just gathered the info and had to upload it as an encrypted file to a dedicated server).
And you're right, this is beyond the scope of this thread and it's a complex subject. It's more a matter of trying to do what you can do, but I fully agree, it's not even close to waterproof... Our privacy is definitely at stake, but that's apparently for many the price they're willing to pay for (a false sense of) security.
Correct me if I am wrong. Following the thread for last few days, I get the idea that this tool is for experienced users only. And the developers or the current users do not have the time to write a tutorial on how to use it.
Correct me if I am wrong. Following the thread for last few days, I get the idea that this tool is for experienced users only. And the developers or the current users do not have the time to write a tutorial on how to use it.
Sent from my Moto G (5) Plus using Tapatalk
I have wrote a simple quick start in my first post.
https://www.snbforums.com/threads/dnscrypt-is-reborn.43869/
Add this along first line. ( all
Edited the post.Thanks for the effort @DonnyJohnny. Is it running as a daemon without issues now?
Edit: maybe there's something missing at the end? I see
Code:Add this along first line. ( all
in the last few lines in your instructions? Not sure what should have been there?
Edit 2: Might as well put a link to the installer thread as soon as it's finished, so people don't have to go through this entire thread to find out there's an installer to run it as a service...
EDIT: I dunno why my posts keep getting flagged for admin approval, can someone do something about it
ryzhov_al,New one is written in GO, which consumes too much resources on embedded systems
/tmp/home/root# dnscrypt-proxy --local-address=127.0.0.1:65053 --daemonize -R cisco
/tmp/mnt/sda1/asusware/sbin/dnscrypt-proxy: can't load library 'libsodium.so.18'
ryzhov_al,
Since the last firmware update 380.69_2 on AC66U, I'm not able to start dnscrypt:
Before updating the firmware, I checked if there's any package update before and nothing was updated
Installed packages:
dnscrypt-proxy - 1.9.5-7
dnscrypt-proxy-resolvers - 1.9.5+git-20170530-60baef4-7
libldns - 1.6.17-2
libsodium - 1.0.16-1
Any workaround ?
Thanks in advance
Since the last firmware update 380.69_2 on AC66U, I'm not able to start dnscrypt:
Thread starter | Title | Forum | Replies | Date |
---|---|---|---|---|
B | (solved) Dnscrypt blocked-names.txt automatically deleted upon modification | Asuswrt-Merlin | 4 |
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!