Languages

User login
Create new account

Navigation

Recent donations

knife
donated € 40.00

Carole Piller
donated £ 20.00

hjgreulich
donated € 35.00

Monika05PL
donated PLN 11.50

knife
donated € 50.00

Donate now!

bc1q3t3vxjhd3dmvg3cfn24k4l7n4mf750utpp75hn

Submitted by Geshmy on Wed, 03/28/2018 - 17:51

dnscrypt-proxy

Please read and follow the Community Guidelines.

No replies

Wed, 03/28/2018 - 17:51

Geshmy

Offline

Joined: 04/23/2015

Anybody using dnscrypt-proxy in Trisquel. A couple of weeks ago I was trying to set it up in Debian but didn't quite get there. I discovered though that when my configurations broke the internet, TOR kept chugging away. So I assume TOR is using its own nameservers.

I am irritated that my ISP can watch my nameserver querries and therefore track every site I go to on the web. If I use TOR they are hindered from knowing anything but TOR doesn't seem viable for all uses; my bank won't let me login from a tor node for instance and large downloads wouldn't be recommended.

So, it looks like dnscrypt-proxy is the way to go although I thought I would use servers from this list: https://servers.opennic.org/ which I believe is doable though they aren't by default in the list dnscrypt-proxy brings with it. OpenDNS is a cisco service that practiced censorship (It wouldn't let me go to that dangerous web site https://tails.boum.org/ among others).

I'm in Trisquel 8 and dnsmasq runs by default. That confuses me, what's it good for using a simple and isolated desktop? I'm used to editing /etc/resolv.conf myself but dnsmasq takes that over. I believe though that wireshark shows dns querries are going to the name servers I set up in network manager for each connection. I just don't know where that is stored and how it's routed within my system.

Anyway, we talk a lot about privacy matters here but as far as I know, TOR is the only thing that I know how to use that would completely enforce my ISP to mind their own business. But if I can get dnscrypt-proxy working, then all nameserver requests will be encrypted over the internet and ISP should be blind then, heh, heh. Opps, maybe that's not true since ultimately a web site request has to go out to a specific IP address and they'll be able to log that. But at least dns querries are encrypted as they go through every node so only the ISP could glean a little data from my activity.

Any advice re setting it up? It is available in the Flidas repository. Does it run through dnsmasq? I'll read up before I try, any advice or suggested good links appreciated.