>not using DNS Crypt You retards know that your DNS look

File: dnscrypt.png (41KB, 1323x207px) Image search: [Google]

41KB, 1323x207px

Don't worry anon, I'm using it.

>>58890323
>adding all that latency at the DNS resolving stage just to satisfy some tinfoil fantasies

No thanks. I don't have time to wait for several seconds just for a webpage to even start getting downloaded.

File: DNS.png (50KB, 598x619px) Image search: [Google]

50KB, 598x619px

>>58890759
You are a total fucking moron. 127.0.0.1 is DNSCrypt using OpenDNS servers. As you can see it is barely slower than using regular OpenDNS.

FUCKING IDIOT

File: YippieKaiyae.gif (1MB, 232x158px) Image search: [Google]

1MB, 232x158px

>>58890323
I'm not sure what you just got me to do, but I went from 'Mediocre' to "Excellent' in the GRC Nameserver Spoofability Test. Thank you for guiding me out of mediocrity.

>>58890759
>yfw you have no idea what something is, have never tried it, but want to sound superior anyways.

>>58890323
Seems like a fairly reasonable idea to set up a dnscrypt client on my router.

>>58890323

If my VPN provider routes all DNS requests do I still need dnscrypt?

I am running it, but I'm wondering if it is redundant.

File: 1458806129703.png (19KB, 256x256px) Image search: [Google]

19KB, 256x256px

>>58890323
Yandex Browser has it built in. No need to fuck around with shit.

well, I have no choice but to use dnscrypt.
in my country, religious government is blocking internet goodies by controlling isp dns resolver.

This thread is for idiots. Real men use FreeBSD and store their DNSs locally.

>>58896242
>>If my VPN provider routes all DNS requests do I still need dnscrypt?
You shouldn't, assuming your provider is anything resembling competent.

>>58896338
Go away, Putin.

>>58896338
Huyandex!
This is fucking shit with tons of adwares and backdoors.

>>58890323

i dont get it, what exactly can happen and why and how exactly does dns crypt prevent it?

File: 1471552808605.jpg (33KB, 1200x900px) Image search: [Google]

33KB, 1200x900px

>>58896568
fuck off NSA.

>>58896776
>tons of adwares and backdoors
nice try CIA NIGGER.

Yandex Browser is by fat the most secure of chromium-based browsers.

>>58896789
Because DNS requests are made in the clear (unencrypted) a third party can fairly easily intercept the requests and return a spoofed response that would result in your network traffic being directed to a different server than the one you were wanting to go to.

Clearly it would be used for all sorts of malware.

>>58896384
DNS needs updating. You will be vulnerable whenever you update your DNS tables.

>>58897287
>>58897295
So, how would one go about preventing the ISP from intercepting and logging internet traffic? Is it even possible to a reasonable extent?

>>58897287

please give me a full technical rundown on how this all works exactly. "DNS requests are made in the clear" doesnt mean much at all.
Who makes what request and how is it transmitted exactly in what format to which router and why and why can that be spoofed where and when and how does dnscrypt prevent that from happening how with which crypto algorithm

so you're saying that if i type in google.com, somehow somebody can make me visit blackdicks.com instead? yes?
how does he do that, it will still show up as google.com in my browser? or not?
explain how it will all look when it's exploited.
also explain if this is something every user has to install on his own machine or a server admin can improve his infrastructure.

>>58897439
>>58897287

also please relate all this to dnssec and tell me where to inspect browser dns updates so i can see live how they work.
please provide a sample script or sample server that will show this exploit live so i can see it for myself on my machine.

just saying "omg dnsscrypt is important guysz" is not nearly good enough. Prove to me that this can hurt me for real on my machine

>>58897439
>>58897472
Download wireshark and look for yourself.

>>58897439
nobody's gonna take the time to spoonfeed you
open google and type your question in, you will know how shit works by the evening

>>58897342
VPNs.

>>58897498
Would a different DNS provider like OpenNIC help?

>>58897439
>>58897472
Faggot, why don't you just educate yourself instead of asking people to spoonfeed you?

DNScrypt + pdnsd with persistent cache is the GOAT setup.
It even decrease latency because caching.

>>58897517

but i spoonfed you people and educated you on how to make a proper issue report.
somebody made this thread and complained about a supposed security issue.
I told him to prove it and explain it, apparently that is already too hard.

>>58897508
No.

>>58897439
>so you're saying that if i type in google.com, somehow somebody can make me visit blackdicks.com instead? yes?
Yes.
>how does he do that, it will still show up as google.com in my browser? or not?
No, it will show up as google.com. The IP address returned when you requested google.com would have been the IP address for blackdicks.com instead.
>explain how it will all look when it's exploited.
It could be invisible. A carefully crafted google clone page that would submit your data through to the real google page after stealing it of course.
>also explain if this is something every user has to install on his own machine or a server admin can improve his infrastructure.
It can be set up on routers, OpenWRT for example.

I run my own DNS server with Unbound directly talking to the root servers via my VPN.

>>58891238
OpenDNS is also slow as fuck. Are you brain damaged?

>>58897720
Care to elaborate?

>>58898812
Using another DNS server still uses the same DNS request protocol, which is in the clear so can be MITMed.

Whats the difference when i just manually change dns addresses in wifi settings?

>>58899590
What server you use is completely irrelevant since the traffic is all plain text shit anyway.
That's why you install DNScrypt and a local DNS server with caching and set said server as the only DNS server in router settings.
Also, read the fucking thread.

>>58899628
thanks fampai