[Dnsmasq-discuss] DNSCrypt - the big picture

Lonnie Abelbeck lists at lonnie.abelbeck.com
Fri Feb 7 12:42:00 GMT 2014


DNS Gurus,

With all the excellent work on DNSSEC, I'd like to get this list's thoughts on the merits of using DNSCrypt.
http://dnscrypt.org/

I cross-compiled dnscrypt-proxy 1.3.3 together with libsodium 0.4.5 from source, and it works splendidly with our beloved dnsmasq.

FYI, I started dnscrypt-proxy as:

$ dnscrypt-proxy -d --local-address 127.0.0.1:2053 -p /var/run/dnscrypt-proxy.pid

And configured dnsmasq as:
--
#resolv-file=...
no-resolv
server=127.0.0.1#2053
--

But, stepping back from the trees to the forest, is DNSCrypt a solution we all should consider using, or is it more of a security "feel good" measure ?

I admit is is nice to know that no-one is silently altering DNS queries/responses in transit to a trusted DNS server, but is that being overly paranoid ?

Appreciate any comments...

Lonnie




More information about the Dnsmasq-discuss mailing list