[Dnsmasq-discuss] DNSCrypt - the big picture
Lonnie Abelbeck
lists at lonnie.abelbeck.com
Fri Feb 7 12:42:00 GMT 2014
DNS Gurus,
With all the excellent work on DNSSEC, I'd like to get this list's thoughts on the merits of using DNSCrypt.
http://dnscrypt.org/
I cross-compiled dnscrypt-proxy 1.3.3 together with libsodium 0.4.5 from source, and it works splendidly with our beloved dnsmasq.
FYI, I started dnscrypt-proxy as:
$ dnscrypt-proxy -d --local-address 127.0.0.1:2053 -p /var/run/dnscrypt-proxy.pid
And configured dnsmasq as:
--
#resolv-file=...
no-resolv
server=127.0.0.1#2053
--
But, stepping back from the trees to the forest, is DNSCrypt a solution we all should consider using, or is it more of a security "feel good" measure ?
I admit is is nice to know that no-one is silently altering DNS queries/responses in transit to a trusted DNS server, but is that being overly paranoid ?
Appreciate any comments...
Lonnie
More information about the Dnsmasq-discuss
mailing list