https://www.opendns.com/about/innovations/dnscrypt/
https://simplednscrypt.org/
https://www.dnscrypt.org/#about
https://wiki.archlinux.org/index.php/DNSCrypt
https://edhull.co.uk/blog/2017-08-07/dnscrypt-pihole
DNSCrypt is a piece of lightweight software that everyone should use to boost online privacy and security. It works by encrypting all DNS traffic between the user and OpenDNS, preventing any spying, spoofing or man-in-the-middle attacks.
One thing to do with the same time as a result 6th grade of my friends
>>61867382
But it only obscures the dns requests. Connections to websites can still be logged by isps and intruders. MitM is already mitigated by https and htst. Rather than try to push for millions of users to install dnscrypt for reasons they don't understand, you should urge the thousands of webhosters to adopt dnssec and htst.
>>61867684
>you should urge the thousands of webhosters to adopt dnssec and htst.
>implying this is even remotely possible
besides DNSSEC is not an encryption protocol
>>61867822
If the objective is privacy, DNScrypt fails completely. The name requests might be encrypted, but it's still obvious to any observer what servers you're connecting to.
If the objective is security, DNScrypt works fine against MitM spoofing attacks, but so do DNSsec and most importantly HTST. It seems to me that it makes more sense for administators of these sites to adopt these technologies once than to urge users to install DNScrypt on all devices (for example, installing on android/ios requires root access or jailbreak)
I'm not saying DNScrypt is obsolete, but I'm saying it's unrealistic to expect the masses to flock to it when it's only an easy set-up on desktop computers and when standards that protect them from the same threat can be implemented on the server side.
>>61868290
if the objective is avoid blocking(yes, i lived in 3rd world country where porn is blocked), it succeeded