
Add dnscrypt as resolver

Open ptr1337 opened this issue 5 years ago • 9 comments

Since dnscrypt is getting more popular and used, an option to use that as resolver would be nice if possible. Also, QUIC is getting more popular.

Just some ideas. Thanks for your great work!

ptr1337 avatar Feb 26 '21 20:02 ptr1337

Thank you for your suggestions. I saw some articles regarding "DNS-over-QUIC", and as far as I know, there is only one public DNS server available at the moment (adguard). Do you have more information about DoQ?

0xERR0R avatar Feb 26 '21 21:02 0xERR0R

https://github.com/ookangzheng/blahdns

This project is really improving their service daily. Really everything like you "want" :p

ptr1337 avatar Feb 26 '21 23:02 ptr1337

While QUIC is interesting for sure, I would like to see DNSCrypt DNS stamps implemented for upstream configurations. https://dnscrypt.info/stamps-specifications/

mihakralj avatar May 07 '21 05:05 mihakralj

Also, NextDNS.Io now supports DoQ. They also have another feature: passing the device name as part of the DNS request, allowing their upstream DNS to perform better analytics and stats:

DNS-over-TLS

Prepend the name to the provided domain (the name should only contain a-z, A-Z, 0-9 and -). Use -- for spaces.

For "John Router", you would use John--Router-4e6e99.dns.nextdns.io as your DNS-over-TLS endpoint.

DNS-over-HTTPS

Append the name to the provided URL (the name should be URL encoded).

For "John's Firefox", you would use https://dns.nextdns.io/4e6e99/John's%20Firefox as your DNS-over-HTTPS endpoint.

mihakralj avatar May 07 '21 05:05 mihakralj
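The endpoint rules quoted in the comment above, as an added Go example that is not part of the original thread and is not NextDNS or blocky code. The helper names `DoTEndpoint` and `DoHEndpoint` are hypothetical, the 63-byte check is the standard DNS label limit rather than something the quoted text states, and `4e6e99` is the sample configuration ID from the comment.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Characters the quoted rules allow in a DoT device name, plus the space
// that is rewritten to "--".
var dotNameOK = regexp.MustCompile(`^[A-Za-z0-9 -]+$`)

// DoTEndpoint (hypothetical helper) prepends the device name to the
// provided domain: "<name>-<configID>.dns.nextdns.io".
func DoTEndpoint(name, configID string) (string, error) {
	if !dotNameOK.MatchString(name) {
		return "", fmt.Errorf("name %q: only a-z, A-Z, 0-9, - and space are allowed", name)
	}
	label := strings.ReplaceAll(name, " ", "--") + "-" + configID
	// A single DNS label may not exceed 63 bytes, so a long device name
	// yields a hostname that can never resolve.
	if len(label) > 63 {
		return "", fmt.Errorf("label is %d bytes, DNS allows at most 63", len(label))
	}
	return label + ".dns.nextdns.io", nil
}

// DoHEndpoint (hypothetical helper) appends the URL-encoded device name to
// the provided URL. url.PathEscape also encodes the apostrophe as %27,
// which decodes to the same name as the literal ' in the quoted example.
func DoHEndpoint(name, configID string) string {
	return "https://dns.nextdns.io/" + configID + "/" + url.PathEscape(name)
}

func main() {
	for _, n := range []string{"John Router", "John's Firefox"} {
		host, err := DoTEndpoint(n, "4e6e99")
		if err != nil {
			fmt.Println("DoT rejected:", err)
		} else {
			fmt.Println("DoT:", host)
		}
		fmt.Println("DoH:", DoHEndpoint(n, "4e6e99"))
	}
}
```

With DNS-over-TLS the device name is part of the server hostname, which the TLS handshake typically sends in the clear as SNI, whereas the DNS-over-HTTPS path travels inside the encrypted connection.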

Also, ODoH would be nice. There are also several clients written in Go which can be implemented into blocky, I think.

I have not learned Go so far. Next thing to do :p.

ptr1337 avatar May 07 '21 09:05 ptr1337

For RethinkDNS (also based on golang), we extracted the relevant dnscrypt-proxy bits for queries over both tcp and udp with support for Anonymized Relays, which may come in handy as a reference: https://github.com/celzero/firestack/tree/rdns/intra/dnscrypt

Of course, it is a painful process to keep up with upstream, especially since our impl is stripped down of numerous features upstream continues to support. And so...

You may also want to consider this neat dnscrypt golang library by Andrey, CTO at AdGuard (though I haven't looked at the code to know if it conforms to the upstream reference implementation or if it supports Anonymized Relays): https://github.com/ameshkov/dnscrypt

ignoramous avatar Jul 30 '21 17:07 ignoramous

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Aug 04 '22 09:08 github-actions[bot]

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Nov 03 '22 04:11 github-actions[bot]

Renamed the issue to focus on dnscrypt since there's a dedicated issue for DoQ: #650

ThinkChaos avatar Nov 16 '23 17:11 ThinkChaos