Twiglets
Senior Member
For Information:
(from https://github.com/DNSCrypt/dnscrypt-proxy/issues/960 )
Anonymized DNS can be implemented on top of all existing encrypted protocols, but DNSCrypt is by far the simplest and most efficient instantiation.
It only adds a header with a constant sequence followed by routing information (server IP+port) to unmodified DNSCrypt queries. Implementing it on top of an existing DNSCrypt implementation is trivial.
The overhead is minimal. Unlike DoH where headers may still reveal a lot of information about the client's identity, Anonymized DNSCrypt, by design, doesn't allow passing any information at all besides the strict minimum required for routing.
This means that if you are using DoT or DoH to communicate with the upstream server you are revealing *more* information than using DNSCrypt ONLY !!!
Specifically, 'cloudflare' does *not* support DNSCrypt so using Anonymized DNS does not give any gain over using DoT or DoH directly, until cloudflare supports DNSCrypt.*
*https://github.com/DNSCrypt/dnscrypt-proxy/issues/960#issuecomment-541847966
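The relay header described in the quoted text, as an added example that is not part of the post or of dnscrypt-proxy's own code. It assumes the layout from the published Anonymized DNSCrypt specification (a 10-byte constant, a 16-byte server IP, a 2-byte big-endian port), which this page does not spell out; the function names are hypothetical and the "encrypted query" is a constructed placeholder.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Constant sequence that marks a relayed query (assumed from the spec).
var anonMagic = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00}

const headerLen = 10 + 16 + 2 // magic + IPv6-form address + port

// WrapQuery (hypothetical name) prepends the routing header to an
// unmodified, already-encrypted DNSCrypt query.
func WrapQuery(server net.IP, port uint16, encrypted []byte) ([]byte, error) {
	ip16 := server.To16() // IPv4 becomes ::ffff:a.b.c.d
	if ip16 == nil {
		return nil, errors.New("invalid server IP")
	}
	out := make([]byte, 0, headerLen+len(encrypted))
	out = append(out, anonMagic...)
	out = append(out, ip16...)
	out = append(out, byte(port>>8), byte(port))
	return append(out, encrypted...), nil
}

// UnwrapQuery (hypothetical name) is the relay's view: it learns the
// target address and port, and forwards the remaining bytes untouched.
func UnwrapQuery(pkt []byte) (net.IP, uint16, []byte, error) {
	if len(pkt) < headerLen || !bytes.HasPrefix(pkt, anonMagic) {
		return nil, 0, nil, errors.New("not an anonymized DNSCrypt query")
	}
	ip := net.IP(pkt[10:26])
	port := binary.BigEndian.Uint16(pkt[26:28])
	return ip, port, pkt[headerLen:], nil
}

func main() {
	encrypted := []byte("constructed-opaque-dnscrypt-query") // stand-in ciphertext
	pkt, _ := WrapQuery(net.ParseIP("192.0.2.53"), 443, encrypted)
	ip, port, inner, _ := UnwrapQuery(pkt)
	fmt.Printf("relay sees target %s:%d and %d opaque bytes\n", ip, port, len(inner))
}
```

The header has no field for client headers, cookies or identifiers, which is the contrast with DoH that the quoted text draws.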