Advice Request What DNS client to use?

[JasonUK]

Quad9 gets my vote primarily as it's fast in my location and has malware/phishing filtering. NextDNS has a lot going for it too.

 

[Kongo]

Client guys... CLIENT!

 

[TairikuOkami]

It seems that it has not received updates in a while though.

Yes, it is currently at version 2.0.42, you can use an updated DNSCrypt Proxy 2.0.45, but with no GUI unfortunately, CMD setup might be challenging.

GitHub - DNSCrypt/dnscrypt-proxy: dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols. - DNSCrypt/dnscrypt-proxy

github.com

 

[Divine_Barakah]

Yes, it is currently at version 2.0.42, you can use an updated DNSCrypt Proxy 2.0.45, but with no GUI unfortunately, CMD setup might be challenging.

GitHub - DNSCrypt/dnscrypt-proxy: dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols. - DNSCrypt/dnscrypt-proxy

github.com

Yoga DNS is working perfectly for me. Thank for the recommendation btw.

 

[JasonUK]

Client guys... CLIENT!

Oops

I'm using Adguard for Windows currently but have used YogaDNS with both Quad9 (with a browser Ad-Blocker) & NextDNS (without). NextDNS' own client I found unreliable & crashed on WIndows 10.

 

[The_King]

Yes, it is currently at version 2.0.42, you can use an updated DNSCrypt Proxy 2.0.45, but with no GUI unfortunately, CMD setup might be challenging.

GitHub - DNSCrypt/dnscrypt-proxy: dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols. - DNSCrypt/dnscrypt-proxy

github.com

I was easily able to extract DNSCrypt Proxy 2.0.45 over version 2.0.42 in C:\Program Files\bitbeans\Simple DNSCrypt x64\dnscrypt-proxy

Its seems to be working just fine. WIll need to test it further but it seems stable so far.

Spoiler

 

[Sunshine-boy]

CMD setup might be challenging..

Simple DNSCrypt

 

[Eggnog]

YogaDNS with NextDNS.

This is the sweet spot for me, as well. I had a whale of a time recently, though, with NextDNS not recognizing Microsoft services, i.e., network connection (did not affect actually connecting to the internet), weather, MS store, etc. In case anyone else has the problem I resolved it by adding www.msftconnecttest.com and dns.msftncsi.com to my NextDNS allow list. So far it's still purring right along.

 

[n8chavez]

I am not sure that this qualifies, but I use AdGuard for Windows which has the ability to bind DNS queries to a user-defined server. It seems to work nicely with ControlD and dns over https.

 

[ForgottenSeer 85179]

has the ability to bind DNS queries to a user-defined server

That's how DNS works and with every DNS service and program possible
You can do that also directly in Windows

 

[n8chavez]

That's how DNS works and with every DNS service and program possible
You can do that also directly in Windows

Correct. But not securely (yet). That function is in the testing ring. I wasn't sure what constituted a client because Adguard is not like YogaDNS, DNScrypt, nebulo, etc.

 

[Templarware]

I prefer to set DNS on my router than installing a third-party software.

 

[ForgottenSeer 85179]

But not securely (yet)

What did you mean? DNS changes on OS level need admin rights, so it is secure.

Using clients for DNS is insecure, increase attack surface and complexity/ instability.

 

[Divine_Barakah]

I stopped using NextDNS and I am currently using Adguard for Windows and it is working flawlessly with KTS. I have to mention that sometimes I notice high CPU usage from Adguard service.

 

[harlan4096]

I guess You disabled Anti-Banner and Private Browsing modules in KTS

 

[n8chavez]

What did you mean? DNS changes on OS level need admin rights, so it is secure.

Using clients for DNS is insecure, increase attack surface and complexity/ instability.

I mean that Windows does not yet allow for DoH or LoT at the OS level, but it will soon. It has nothing it do with admin rights, and everything to do with encryption.

 

[ForgottenSeer 85179]

I mean that Windows does not yet allow for DoH or LoT at the OS level, but it will soon. It has nothing it do with admin rights, and everything to do with encryption.

Adding upcoming DoH in Windows need admin rights too.

Still don't understand what you mean with secure.
Encrypted DNS isn't for security.

 

[n8chavez]

Adding upcoming DoH in Windows need admin rights too.

Still don't understand what you mean with secure.
Encrypted DNS isn't for security.

Sure it it. Any time something is encrypted you add security. So, I don't get your argument that encrypted DNS isn't for security when that is literally the point of encryption. Now, one can make the argument that encrypted DNS isn't needed, but that comes down to preference. Again, I'm talking about encrypted DNS, so I don't understand your fascination with local privilegesj. That's apples and oranges. One has nothing to do with the other.

 

[Kuttz]

Sure it it. Any time something is encrypted you add security. So, I don't get your argument that encrypted DNS isn't for security when that is literally the point of encryption. Now, one can make the argument that encrypted DNS isn't needed, but that comes down to preference. Again, I'm talking about encrypted DNS, so I don't understand your fascination with local privilegesj. That's apples and oranges. One has nothing to do with the other.

Encrypted DNS is all about privacy than security. You can still easily get infected by malwares despite sitting on an encrypted DNS configuration.

 

[n8chavez]

Encrypted DNS is all about privacy than security. You can still easily get infected by malwares despite sitting on an encrypted DNS configuration.

DoH is, yes. DoT is not. As a whole, encryption is about security.