Advice Request DoH, DoT, DNSCrypt or DoQ?

Please provide comments and solutions that are helpful to the author of this topic.

DoH, DoT, DNSCrypt or DoQ?

  • DNS-over-HTTPS

    Votes: 8 47.1%

  • DNS-over-TLS

    Votes: 5 29.4%

  • DNSCrypt

    Votes: 1 5.9%

  • DNS-over-QUIC

    Votes: 3 17.6%
  • Total voters
    17
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,139
I just tested DoT these two days and I find it really slows down my laptop. After I disabled it my laptop really flies even when running double-hop VPNs

Not sure if even worth the while using it
 
  • Like
  • Thanks
Reactions: Venustus, Protomartyr and Kongo
TairikuOkami

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,630
If I could choose, I would in this order (UDP over TCP always).

1. DNS-over-QUIC
2. DNSCrypt
3. DNS-over-TLS
4. DNS-over-HTTPS

DoH is the worst possible option, unfortunately, it is the only thing, that browsers and the next Windows 10 support. It is still better than the default DNS, but ... . :cautious:
 
  • Like
  • Thanks
Reactions: Azure, Gandalf_The_Grey, Venustus and 3 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
TairikuOkami said:
If I could choose, I would in this order (UDP over TCP always).

1. DNS-over-QUIC
2. DNSCrypt
3. DNS-over-TLS
4. DNS-over-HTTPS

DoH is the worst possible option, unfortunately, it is the only thing, that browsers and the next Windows 10 support. It is still better than the default DNS, but ... . :cautious:
Click to expand...
UDP over TCP because it's faster?
 
  • Like
Reactions: Venustus, Protomartyr and TairikuOkami
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,139
TairikuOkami said:
If I could choose, I would in this order (UDP over TCP always).

1. DNS-over-QUIC
2. DNSCrypt
3. DNS-over-TLS
4. DNS-over-HTTPS

DoH is the worst possible option, unfortunately, it is the only thing, that browsers and the next Windows 10 support. It is still better than the default DNS, but ... . :cautious:
Click to expand...
DNSCrypt has quit and replaced by DoT

adguard.com

DNSCrypt has quit, but you needn’t worry (UPDATED)

The maintainer of DNSCrypt stopped supporting it, closed the repository on GitHub and put the domain on sale. The repository has already been cloned and is now maintained by Dyne. Unfortunately, they do not plan to add any new features, so DNSCrypt is abandoned in favor of the "DNS over TLS"...
adguard.com adguard.com
 
  • Like
  • Sad
Reactions: Venustus, Protomartyr, ForgottenSeer 85179 and 2 others
Kongo

Kongo

Level 36
Thread author
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
HarborFront said:
DNSCrypt has quit and replaced by DoT

adguard.com

DNSCrypt has quit, but you needn’t worry (UPDATED)

The maintainer of DNSCrypt stopped supporting it, closed the repository on GitHub and put the domain on sale. The repository has already been cloned and is now maintained by Dyne. Unfortunately, they do not plan to add any new features, so DNSCrypt is abandoned in favor of the "DNS over TLS"...
adguard.com adguard.com
Click to expand...
Isn't it still integrated in Yandex Browser?
 
  • Like
Reactions: Venustus and TairikuOkami
TairikuOkami

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,630
  • Like
  • Thanks
  • Wow
Reactions: HarborFront, Gandalf_The_Grey, Venustus and 3 others
TairikuOkami

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,630
Trismer said:
therefore DNS requests must be hidden in HTTPS traffic
Click to expand...
Encrypted DNS requests are all private, regardless of which option you choose. ISP will still see, that you are making requests to the particular DNS service, just via https, but ISP will not be able to tell, what you are requesting. DoH is just harder to block, but not impossible, if they wanted to. Still, without VPN, ISP will know to what IPs you have connected, most likely webpages as well. So much for privacy. The main advantage of encrypted DNS is, that they are better protected and can not be easily tampered with, DNSEC can be hijacked.

 

Attachments

  • capture_01102021_164726.jpg
    capture_01102021_164726.jpg
    366.5 KB · Views: 290
  • Like
  • +Reputation
Reactions: Thales, Venustus, Protomartyr and 5 others

Similar threads

Gandalf_The_Grey
    • Like
New Update DNS-over-QUIC is now an official standard
Replies
3
Views
1,467
VPN and DNS
silversurfer
silversurfer
Trident
    • Like
    • Applause
    • +Reputation
  • Poll
Serious Discussion Pre-execution vs post-execution protections explained
Replies
6
Views
1,050
General Security Discussions
Trident
Trident
Morro
    • Like
Advice Request I need some honest advice about which DNS server to pick in Portmaster Firewall.
Replies
2
Views
1,479
VPN and DNS
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top