Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Sun Apr 15, 2018 7:08 Post subject:
well... i guess in DD_WRT if you remove DNSmasq it will be a mess..
Honestly i do want to know the same question how to take advantage of 1.1.1.1 options TLS or HTTPS on DD-WRT router..
so far on the high grade DD-WRT routers i do have DNScrypt, but on lower grade routers there is nothing like... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
well... i guess in DD_WRT if you remove DNSmasq it will be a mess..
Honestly i do want to know the same question how to take advantage of 1.1.1.1 options TLS or HTTPS on DD-WRT router..
so far on the high grade DD-WRT routers i do have DNScrypt, but on lower grade routers there is nothing like...
Cloudflare DNS is the fastest DNS service available right now and it doesn't support DNSCrypt, only DNS over TLS and DNS over HTTPS.
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Sun Apr 15, 2018 10:18 Post subject:
naah DNScrypt is different DNS resolving technique than DoT or DoH where DNS requests are encrypted from the router side to the DNScrypt resolver...and returned answer is encrypted too..
DNScrypt resolvers have an encryption key exchange with the router side and the one i use has DNSSEC support too, witch is a kind of an secure verification too...
I do not use ISP DNS services and i prefer DNScypt resolvers...if possible...
1.1.1.1 is not the fastest DNS resolver everywhere, but yes, it has some speed, they also keep some data for statistic use only too...
I also use on my lower flash ram routers 9.9.9.9 or 1.1.1.1 _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Thu Sep 05, 2019 16:59; edited 1 time in total
naah DNScrypt is different DNS resolving technique where DNS requests are encrypted from the router side to the DNScrypt resolver..
DNScrypt resolvers have an encryption key and the one i choose has DNSSEC support too witch is a kind of an encryption too...
I do not use ISP DNS services and i prefer DNScypt resolvers...if possible
1.1.1.1 is not the fastest DNS resolver everywhare but yes it has some speed, they also keep some data too...
I also use on my lower flash ram routers 9.9.9.9 or 1.1.1.1
I didn't say they are the same, just that it's not supported by CloudFlare.
In addition, the maintainer of DNSCrypt stopped supporting it, closed the repository on GitHub and put the domain on sale.
The repository has already been cloned and is now maintained by Dyne and they do not plan to add any new features, so DNSCrypt is abandoned in favor of the "DNS over TLS" standard.
Unlike DNSCrypt, "DNS over TLS" has an RFC standard and this is actually a serious advantage. With standardization, operating system manufacturers can provide implementations in every platform, and in fact, it's already in progress on Android.
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Thu Nov 01, 2018 12:34 Post subject:
eturk wrote:
any progress on DNS-over-TLS?
would like to use it with 1.1.1.1 Cloudflare DNS
yep it will be cool to see it on router level...
so far i have DNSCrypt & DNSSEC on my high grade DDWRT routers only
on my low grade routers i just use 9.9.9.9 or 1.1.1.1 DNS resolvers and in my Advanced DNSmasq
also i use this Ffx resolver https://dns9.quad9.net/dns-query
as i use 9.9.9.9 in my DNSmasq and it supports DoH _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Im running Firefox w/built in DNS over Https. They are working in conjunction with Cloudflare!....
I lost interest in FF years ago but now it rocks!..its my main browser. There are links to setup FF w/DOH,just google it. Right now its basically in testing phase but its working fine!
d
naah DNScrypt is different DNS resolving technique where DNS requests are encrypted from the router side to the DNScrypt resolver..
DNScrypt resolvers have an encryption key and the one i choose has DNSSEC support too witch is a kind of an encryption too...
I do not use ISP DNS services and i prefer DNScypt resolvers...if possible
1.1.1.1 is not the fastest DNS resolver everywhare but yes it has some speed, they also keep some data too...
I also use on my lower flash ram routers 9.9.9.9 or 1.1.1.1
I wouldn't trust cloudflare at all. There has to be some catch to them providing those services for free for the most part. They are in the perfect position to be able to MITM all traffic "protected" by their cloudflare services. They are either harvesting data to sell off to the highest bidder to pay for these services, or are being funded by if not a front of some of the 3 letter govt agencies to get access to MITM traffic.
The service is free for users but they charge corporations for their services. They also have an Auditor that confirms all quires are deleted after 24hrs. Ya you can take that with a grain of salt but you have to trust someone...cough..google...cough
Joined: 16 Nov 2015 Posts: 6436 Location: UK, London, just across the river..
Posted: Sat Nov 10, 2018 0:20 Post subject:
among 8.8.8.8 , 1.1.1.1 and 9.9.9.9 i choose quad9 i whiresharked all of them
but yep you have to choose who to trust and i dont trust GGl at all especially chrome
otherwise on my high grade routers i use DNScrypt instead _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913