Is pic related really needed even if I got setup "authoritative DNS" on dd-wrt?
>>61636998
not really unless you are autistic.
I always wanted to know something: Let's say we have the following scenario:
- Modem is hacked, someone changed the DNS to some shady DDNS server.
- Router is not hacked. It has authoritative DNS.
What happens?
Will the connection get contaminated or whatever due to the bad dns on the modem?
If so, what if I also add dnscrypt to the router?
>>61637254
Well, if the modem is hacked and its DNS changed, but the router is using its own DNS, then you're simply safe.
You can add dnscrypt to the router, but in the end, it's the same situation. You will add additional layer of privacy/obscurity and won't improve security.
>>61637355
Why not?
And why do you consider dnscrypt "obscurity"?
why not just run dnscrypt-proxy on each client
>>61637786
Phones and tablets can't do that unless you do some uvercomplicated stuff like jailbreak/root.
DNSCrypt authenticates DNS queries to DNS servers that have it like OpenNIC non-logged name servers, DNSSEC authenticates DNS queries to root name servers, Unbound is a DNS resolver, and the NSD authoritative name server.
DNSCrypt directing to an OpenNIC name server
or
Unbound directing to your own instance of NSD and enabling DNSSEC on that instance
or
Unbound with DNSSEC enabled
What strategy is the best?