Menu
What's new
By:
Filters Better Search

DNSCrypt Necessary or not?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

RMerlin said:
DNSSec and DNSCrypt are both complementary, they are not competitive. They both address different security aspects.
Click to expand...

I probably won't be that popular here on this thread...

DNSCrypt is non-standard - what I find odd is that after 10 plus years, why haven't they approached the IETF? If not as a RFC submission, at least as an Internet Draft.

It does beg the question - They have not done this...

Why is this important?

Interoperability across different platforms, both on the client and server sides.

DNS over TLS (and it's cousin DNS over HTTPS) pretty much do the same thing in a cleaner and more elegant manner...

Both DoH and DoT are standards-based...

DoH - https://datatracker.ietf.org/doc/html/rfc8484

DoT - https://datatracker.ietf.org/doc/html/rfc7858

DNSSEC is still out there, and adoption is picking up across the 'net
 
sfx2000 said:
I probably won't be that popular here on this thread...

DNSCrypt is non-standard - what I find odd is that after 10 plus years, why haven't they approached the IETF? If not as a RFC submission, at least as an Internet Draft.

It does beg the question - They have not done this...

Why is this important?

Interoperability across different platforms, both on the client and server sides.

DNS over TLS (and it's cousin DNS over HTTPS) pretty much do the same thing in a cleaner and more elegant manner...

Both DoH and DoT are standards-based...

DoH - https://datatracker.ietf.org/doc/html/rfc8484

DoT - https://datatracker.ietf.org/doc/html/rfc7858

DNSSEC is still out there, and adoption is picking up across the 'net
Click to expand...
I do not recommend any protocol over the other, It is a bit up to the user on what DNS servers they want to use(How close they are and protocols they support and trust)
In Merlin firmware we have the ability to use most of them ;).
Think the developer of dnscrypt-proxy has talked more then a few times about making the dnscrypt protocol a IETF standard (It takes a lot of time and cost money, would require a team of people helping out and funding)
But the dnscypt protocol has a complete specification since 2013 and was made for DNS (Good enough for me but maybe not for others).
In Merlin firmware we have DoT available :)
And via AMTM we have:
DNSCrypt-proxy v2 has support for DoH ODoH DNSCrypt and Anonymized DNSCrypt via Asuswrt-Merlin-dnscrypt installer
Adguard home supports DoT DoH DoQ and DNSCrypt via Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)
Unbound supports DoT, But is better used for making you your own DNS server, not encrypted but it has nice security features and use a large cache for fast lookups.

DNSCrypt - FAQ - DNSCrypt vs DoH

DNSCrypt vs DoH - A comparison of options for secure DNS.
dnscrypt.info
I have used DoT DoH DoQ ODoH and DNSCrypt, At the moment i use Anonymized DNSCrypt with DNSSec (Relays to remove my ip for the DNS servers)
All the solutions above offer the same practical security level. Compatibility with existing tools and infrastructure is what makes an actual difference
Click to expand...
From what i know dnscrypt is available on most platforms and have a lot of servers to choose from, Quad9 Cleanbrowsing Cisco(OpenDNS) and many vpn providers support it.
 
Last edited:
Zastoff said:
Think the developer of dnscrypt-proxy has talked more then a few times about making the dnscrypt protocol a IETF standard (It takes a lot of time and cost money, would require a team of people helping out and funding)
Click to expand...

As a former member of IETF, it takes no "money" or "Funding" to get something through the process. It takes one person to write an Internet Draft, convince a working group to add it to the agenda, and convince others to review and contribute.

The people that worked DoT and DoH did just that...

At the end of the day, I really don't care - I do find it odd that some folks resent DoT/DoH, and then want to implement DNScyrpt.
 
sfx2000 said:
As a former member of IETF, it takes no "money" or "Funding" to get something through the process. It takes one person to write an Internet Draft, convince a working group to add it to the agenda, and convince others to review and contribute.
Click to expand...
If this could become an RFC:

RFC 1149: Standard for the transmission of IP datagrams on avian carriers

This memo describes an experimental method for the encapsulation of IP datagrams in avian carriers. This specification is primarily useful in Metropolitan Area Networks. This is an experimental, not recommended standard.
datatracker.ietf.org datatracker.ietf.org

Then there is no excuse beside not wanting to...
 
You must log in or register to reply here.

Similar threads

S
Solved New ISP - WAN Setup - Will not work with custom WAN DNS - dnsmasq.conf
Replies
1
Views
170
stilltravelling
S
N
RT-AX86U-Pro, WAN disconnect every 36 hours
2
Replies
25
Views
2K
Nick24
N
S
Moving DHCP to Pi-Hole
Replies
2
Views
1K
Scott Kaforey
S
F
Solved DNS Director AX88U Pro
Replies
8
Views
873
fotingo
F
B
Proper DNS setting?
Replies
16
Views
5K
drinkingbird
drinkingbird
Similar threads
Thread starter Title Forum Replies Date
B (solved) Dnscrypt blocked-names.txt automatically deleted upon modification Asuswrt-Merlin 4
L is enabling firewall necessary (same for upnp) when on a provider with cgnat? Asuswrt-Merlin 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 533 (members: 18, guests: 515)
Top