>DNS encryption was a huge step towards making DNS more secure, preventing intermediaries from recording and tampering with DNS traffic.
>However, one still has to trust non-logging DNS servers for actually doing what they pretend to do. They obviously see the decrypted traffic, but also client IP addresses.
>In order to prevent this, using DNS over Tor or over proxies (HTTP, SOCKS) has become quite common. However, this is slow and unreliable as these mechanisms were not designed to relay DNS traffic.
>A new step towards making DNS more secure has been made. Today, I am thrilled to announce the general availability of Anonymized DNSCrypt, a protocol that prevents servers from learning anything about client IP addresses.
>Available in dnscrypt-proxy now!
https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt
https://www.reddit.com/r/dnscrypt/comments/dhoxah/anonymized_dns_is_here/
all these attempts to make DNS more secure are retarded you fucking nignogs. dnssec and this retarded clusterfuck of "encrypted" DNS memes are all garbage and bloat. it's bad enough that we have to use DNS in the first place.
protip: nothing of importance ever actually required DNS to be "secure" in the first place
That's actually pretty nice.
I mean, think about it:
a) Use some public DNSCrypt server as a server
b) Use a relay of your own (like a VPS somewhere)
Now even if glowers seize your relay, they won't know what you did look up unless they seize the server too and manage to get the unencrypted logs (compromising the short-term server key pretty much on the fly seems unlikely), and let's be honest here - it is highly unlikely it's going to be that bad, and the threat isn't about this - it's about greedy corporations datamining your DNS requests passively; and you don't even have to use your private relay if public ones are going to be available.
>use some arbitrary magic to wrap dnscrypt queries into queries for relays
TBH it seems so straightforward that I wonder if some haXors have been doing it for a while now, like, for personal privacy purposes, not for some illegal stuff.
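The relay/server split discussed in the post above, as an added example that is not part of the thread and is not dnscrypt-proxy's own code. It uses the relay header layout from the linked ANONYMIZED-DNSCRYPT.txt (10-byte magic, 16-byte server IP, 2-byte big-endian port, then the encrypted query); the names `Wrap` and `Unwrap` are hypothetical, and the refusal of internal targets is a hardening assumption added here.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// anonMagic is the 10-byte prefix that marks a relayed query.
var anonMagic = []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00}

// Wrap (hypothetical name) is the client side: it prepends the relay header
// to a query that is already encrypted for the target server.
func Wrap(server net.IP, port uint16, encrypted []byte) []byte {
	out := append([]byte{}, anonMagic...)
	out = append(out, server.To16()...) // IPv4 is carried as ::ffff:a.b.c.d
	out = append(out, byte(port>>8), byte(port))
	return append(out, encrypted...)
}

// Unwrap (hypothetical name) is the relay's view: it learns the client's
// source address and the forwarding target, but the payload stays opaque.
func Unwrap(pkt []byte) (net.IP, uint16, []byte, error) {
	if len(pkt) < 28 || !bytes.Equal(pkt[:10], anonMagic) {
		return nil, 0, nil, errors.New("not a relayed query")
	}
	ip := net.IP(pkt[10:26])
	// Assumption added here: a relay should not be usable to reach internal hosts.
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() {
		return nil, 0, nil, errors.New("refusing internal target")
	}
	return ip, binary.BigEndian.Uint16(pkt[26:28]), pkt[28:], nil
}

func main() {
	// Constructed sample: stand-in bytes for an encrypted DNSCrypt query.
	ct := []byte("opaque-ciphertext")
	pkt := Wrap(net.ParseIP("192.0.2.53"), 443, ct)
	ip, port, payload, err := Unwrap(pkt)
	fmt.Println(ip, port, len(payload), err)
}
```

The server in turn sees the decrypted query but only the relay's address as its source, which is why both would have to be compromised to link a client to a lookup.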
>using DNS over Tor or over proxies (HTTP, SOCKS) has become quite common. However, this is slow and unreliable as these mechanisms were not designed to relay DNS traffic.
no, it's not
DNS over Tor works great, I will continue to use it while flushing your CIA alternative into the toilet
>>8135 DNS is a piece of shit protocol that gives you some bullshit arbitrary string as an answer to some queries you do, like A, NS, etc. I think YOU don't know what DNS means since you're defending the idea of this retarded trash having some notion of """security and privacy""".
>>8295
>these mechanisms were not designed to relay DNS traffic.
what the actual fuck are you talking about? anyway, it doesn't matter. DNS is not meant to work and Tor is only a stopgap measure until the web finally dies