Thanks, you can find the stamps at https://www.quad9.net/quad9-resolvers.md
The most useful stamp is the first one, dnscrypt-ip4-filter-pri, followed by and -alt.
The DNS server you have set on your computer will be used for your computer. The DNS server on your router is used by the router to resolve names so the router can do things like auto-update.
DNSCrypt encrypts all DNS traffic between the client and the DNSCrypt resolving server. So, if you set up a DNSCrypt client on your computer it will use whatever name server the DNSCrypt client is set up to use. There are many flavors of DNSCrypt clients that all point to different secure resolvers.
Visit https://dnscrypt.info/faq/ for more info
Right now I have my Asus router set up as a VPN client accessing NordVPN for all devices on the network. At the moment I have no need for source routing and am not using Merlin.
The Pi-hole device is filtering for ads and malware, and DNSCrypt is encrypting and anonymizing my DNS requests. One drawback to this approach is that the RT-AX88U router is hardware limited to around 200Mbs throughput on a 600mbs ISP connection.
One question: Are there security drawbacks to this approach? For example, I am assuming that using Quad9 DNS with Anonymized DNSCrypt makes DNS leakage harmless from a security/privacy standpoint. But maybe I am wrong.
I also got this issue when I was downloading through torrents (Arch Linux torrents, of course ;)).
Fixed by both increasing the number like you did (seems like we settled for the same number lol) and also limiting the connections inside Deluge (the torrent software).
You can create your own DNS stamp for backends you explicitly want to use and define them manually in your config:
Then simply ignore the normal resolver list entries.
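As an added example (not part of the original post): a DNSCrypt stamp is `sdns://` followed by unpadded base64url of a protocol byte, an 8-byte little-endian flags field, and three length-prefixed fields (address, provider public key, provider name). The sketch below builds and parses one, so you can check what a stamp points to before trusting it; the address, key and provider name are constructed sample values.

```python
import base64
import struct

PROTO_DNSCRYPT = 0x01
PROPS = {"dnssec": 1, "nolog": 2, "nofilter": 4}  # informational flag bits

def _lp(data):
    """Length-prefixed field: one length byte followed by the data."""
    if len(data) > 255:
        raise ValueError("field longer than 255 bytes")
    return bytes([len(data)]) + data

def build_stamp(addr, provider_pk, provider_name, props=()):
    if len(provider_pk) != 32:
        raise ValueError("provider public key must be 32 bytes")
    bits = sum(PROPS[p] for p in set(props))
    raw = (bytes([PROTO_DNSCRYPT]) + struct.pack("<Q", bits) + _lp(addr.encode())
           + _lp(provider_pk) + _lp(provider_name.encode()))
    return "sdns://" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def parse_stamp(stamp):
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != PROTO_DNSCRYPT:
        raise ValueError("not a DNSCrypt stamp")
    bits, pos, fields = struct.unpack("<Q", raw[1:9])[0], 9, []
    for _ in range(3):  # address, provider public key, provider name
        if pos >= len(raw) or pos + 1 + raw[pos] > len(raw):
            raise ValueError("truncated stamp")
        fields.append(raw[pos + 1:pos + 1 + raw[pos]])
        pos += 1 + raw[pos]
    if pos != len(raw) or len(fields[1]) != 32:
        raise ValueError("malformed stamp")
    return {"addr": fields[0].decode(), "provider_pk": fields[1],
            "provider_name": fields[2].decode(),
            "props": sorted(n for n, b in PROPS.items() if bits & b)}

# Constructed sample values (documentation address, dummy key), not a real resolver.
SAMPLE = build_stamp("192.0.2.53:8443", bytes(range(32)),
                     "2.dnscrypt-cert.example.test", props=("dnssec", "nolog"))
```

In dnscrypt-proxy the resulting string goes into a `stamp = '...'` entry under the `[static]` section of `dnscrypt-proxy.toml`, and the entry's name is then listed in `server_names`. The flag bits are only what the stamp's author claims about the server; they are not verified by the format.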
So DoH & DNSCrypt do the same thing, but DNSCrypt has the option to hide my IP too (Anonymized DNS), and if I used one of them my ISP or anyone else won't see my queries; I mean in both cases it will be the same thing (yeah, sorry, I am overthinking this so I ask stupid things xD). Also, as a mod, which one would you go with if you care more about privacy & hiding yourself? If you were me, which one would you select?
> You can also see the list here: https://dnscrypt.info/public-servers and click on server names to get details
daaaaamn, I never knew this xD (I mean the click-on-name thing)
>Point #3 DNS latency regardless of where located. Yes, but latency is not distinct to dnscrypt-proxy. It is true with 100% of all computers regardless of dns system used.
So, DNS latency affects gaming latency? Maybe you can help me find a .ini file for this
There are many tutorials around about how to disable Windows 10 telemetry. Random one: https://winaero.com/blog/how-to-disable-telemetry-and-data-collection-in-windows-10/
Other software can have their telemetry blocked by blacklisting specific domain names, and I guess many of these are included in the "annoyances" blacklists.
That being said, telemetry is not always a bad thing. It really depends on what data is being collected. But I don't mind Adobe knowing what kind of hardware I have if that can help them optimize their software for it.
I'm not worried about it. Quad9 and dnscrypt just have differences in opinions about how long a key should be valid for. You could write to [email protected] or submit feedback at https://www.quad9.net/contact/ if you think it's a serious issue. They have been responsive to me in the past when needing to whitelist a site.
Thank you for your help and I agree with all of your comments. I will rethink my approach. It is amazing the increase in malware attacks this year:
https://www.quad9.net/quad9-sees-massive-growth-in-blocked-dns-volume/
To be honest some may think trying to address these issues is a bit "paranoid." But this is the reality we live in now.
Yeah, I have the same problem.
I haven't tested it like you, but some servers don't have DNSSEC even though they displayed it in the list from dnscrypt.info.
Cloudflare is the only one with DNSSEC.
Only if you know which servers you want to connect to and your network doesn't change, then specifying server_names speeds up the initial connection. With this setting you limit the servers dnscrypt-proxy has to query to find the fastest server when starting.
Wireshark is a good piece of software that will help you accomplish this. There is a bit of a learning curve to using it and to know what you are looking at or where you need to be looking, but I use Wireshark a lot.
> Also when I want to use Mullvad VPN, do I have to disable DnsCrypt ?
No! In the Mullvad app go to settings->advanced (or whatever it's called in your language) and add 127.0.0.1 as a user-defined DNS server.
Sorry for posting in an old thread, OP, but I have the exact same setup and I also pay NordVPN, and recently I started getting a bit more worried about privacy and security. I would like to get a similar setup to yours.
Are you running the Pi-hole and DNSCrypt all on the Raspberry? And as for using NordVPN on the router, how did you implement it? A problem I had was that the specific servers I set it up on OpenVPN could be offline, and then I would be out of a connection. I also couldn't choose the country I was connecting to, which can be a problem in some cases. What is your approach to setting up NordVPN directly on the Asus?
Thank you. This was a very informative post. As far as paid VPNs, aren't they effective from a privacy standpoint (coupled with the use of Tor, obfuscated/double VPN servers, etc.), assuming they adhere to a no-log policy? Would VPN Gate or Psiphon be necessarily more trustworthy in this respect?