Advice Request What DNS client to use?

Please provide comments and solutions that are helpful to the author of this topic.

F

ForgottenSeer 85179

n8chavez said:
DoH is, yes. DoT is not. As a whole, encryption is about security.
Click to expand...
Yes encryption means security but not this time.
Encrypted DNS doesn't harden your security in any way like DNSSEC or certificate pinning does for example.
Encrypted DNS "only" increase your privacy against "man in the middle".

I also doesn't say it's not needed as I use always encrypted DNS, but it's not what most people think it is.
You can read more at GrapheneOS Frequently Asked Questions (not GrapheneOS related)
 
  • Like
Reactions: bayasdev, oldschool and blackice
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
SecurityNightmares said:
Yes encryption means security but not this time.
Encrypted DNS doesn't harden your security in any way like DNSSEC or certificate pinning does for example.
Encrypted DNS "only" increase your privacy against "man in the middle".

I also doesn't say it's not needed as I use always encrypted DNS, but it's not what most people think it is.
You can read more at GrapheneOS Frequently Asked Questions (not GrapheneOS related)
Click to expand...
A lot of people conflate the purpose of DNSSEC vs encrypted DNS. To be fair the information hasn't been disseminated well.
 
  • Like
Reactions: bayasdev, oldschool, Stopspying and 1 other person
SpiderWeb

SpiderWeb

Level 13
Verified
Top Poster
Well-known
Aug 21, 2020
608
ForgottenSeer 85179 said:
Yes encryption means security but not this time.
Encrypted DNS doesn't harden your security in any way like DNSSEC or certificate pinning does for example.
Encrypted DNS "only" increase your privacy against "man in the middle".

I also doesn't say it's not needed as I use always encrypted DNS, but it's not what most people think it is.
You can read more at GrapheneOS Frequently Asked Questions (not GrapheneOS related)
Click to expand...
In my opinion, the whole DNSSEC paranoia is redundant. The reason nobody cares about it is that HTTPS/TLS is doing exactly what DNSSEC is doing. It validates the servers and checks that this is the actual domain. If not, connection closed. TLS is superior to DNSSEC in that it requires far less effort to set up by the admin.

DNSSEC is really only important when you are using protocols other than HTTPS like email (SMTP). Your email provider/server needs to support DANE. But in browser, it would just duplicate what HTTPS is already doing and just add latency for nothing.
 
  • Like
Reactions: bayasdev and oldschool
bayasdev

bayasdev

Level 19
Verified
Top Poster
Well-known
Sep 10, 2015
901
I'm currently running Adguard Home in my router, it has a built-in DoH/DoT/DoQ/Dnscrypt and plain DNS client as well as adblocking and safe browsing features.

1631905898024.png

1631905920326.png

1631905939560.png

Compared to PiHole it has less dependencies so you can install it on any router running OpenWrt as long as you have at least 20MB free space and 100MB RAM.
Here's a guide: [HowTo] Running Adguard Home on OpenWrt
 
Last edited by a moderator:
  • Like
  • +Reputation
Reactions: The_King, oldschool and Gandalf_The_Grey

Similar threads

Divine_Barakah
    • Like
Advice Request Pivate DNS settings in browsers and Adgaurd Desktop
Replies
16
Views
881
General Privacy Discussions
rashmi
rashmi
X195
    • Like
Advice Request Help needed with DNS configuration
Replies
15
Views
973
AdGuard
Chuck57
Chuck57
silversurfer
    • Like
    • Applause
    • +Reputation
New Update AdGuard DNS now supports Structured DNS Errors. Here’s what it means
Replies
3
Views
392
AdGuard
franz
franz

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top