DNSCrypt

[xyzdev]

Does anyone use DNSCrypt?

I know about the command-line variant but recently i came across this tool, called SimpleDnsCrypt, which seems to ease the process of setting up DNSCrypt. The thing is, it doesn't work on my machine. I would like to know if someone is using it without any problems or if there's anyone who is using DNSCrypt as i am interested to learn some more things about it.

Maybe there's even someone who uses DNSCrypt + unbound for the cache who can leave some feedback?

[emerglines]

I use it try this:

https://support.opendns.com/entries/61744244-how-to-install-dnscrypt-proxy-1-4-3-with-DNSCryptWin-v0-0-6-

[mazigh]

I used it on Win 8.1 and it worked fine, but recently shortly tried Win 10 then came back to Win 7 and installed it again but it did not work as it tell me I'm missing a file.., my OS is the latest Win 7 build from Generaion2

Here is the error:

[xyzdev]

I use it try this:

https://support.opendns.com/entries/61744244-how-to-install-dnscrypt-proxy-1-4-3-with-DNSCryptWin-v0-0-6-

Yes, i tried that one and it works. Do you also use unbound or you just stick with DNSCrypt?

I used it on Win 8.1 and it worked fine, but recently shortly tried Win 10 then came back to Win 7 and installed it again but it did not work as it tell me I'm missing a file.., my OS is the latest Win 7 build from Generaion2

Here is the error:

In your case that error is easy to solve, it's related to Microsoft Visual C++ Redistributable Package. Go here and download it, you should be good to go after that.

In my case, i'm using Windows 10 x64, the application installs without any problems but it doesn't launch, nothing happens when i click on it.

[emerglines]

Yes, i tried that one and it works. Do you also use unbound or you just stick with DNSCrypt?

Just, DNSCrypt alone, never used unbound, Cause I do some config on IPSec.

[xyzdev]

Thanks for your input.

Does someone else use the SimpleDnsCrypt application or is everyone using the command-line variant? I'm trying to figure out why the application doesn't work on my system, apparently it does work on some, from what i've seen online.

[Holmes]

Why encrypt your dns I never have I just never thought about it now I am. Is this going to turn into a tor problem tor is sllow from encrypting all of your searches while your searching if you have a alot of dns entries is it going to slow your performance down to encrypt itself.

[xyzdev]

Not really, you should not even notice it when it's running on the background. You can try it for yourself, you can also take a test here. Do a test before running DNSCrypt, then do a test with it running... and you will see the results for yourself.

If you're not into on how to configure it you can try some available gui-based variants, the one i posted on the first post, for example, and see if it works for you.

[emerglines]

Read this:

https://www.reddit.com/r/sysadmin/comments/2hn435/dnssec_vs_dnscrypt/

P.S: DNSCrypt doesn't encrypt your dns request, it just assure your dns request get and go to the right server requested, it's a spoof protection protocol that support DNS architecture to get authenticatied correctry from both sides, user to server and backward.

[xyzdev]

Yea, i'm getting into it. Shame that SimpleDnsCrypt doesn't work on me because it seems a really good application.

What about the servers that we've available in the .csv file, they're all encrypted ones? I saw at PIA website that they don't recommend using Cisco, Nawala, or OpenDNS servers.

[emerglines]

Yea, i'm getting into it. Shame that SimpleDnsCrypt doesn't work on me because it seems a really good application.

What about the servers that we've available in the .csv file, they're all encrypted ones? I saw at PIA website that they don't recommend using Cisco, Nawala, or OpenDNS servers.

Good question, you need to encrypt both backend, I mean VPN or IPSec, then you can use DNSCrypt, about openDNS servers and such they usually leaking info to third parties, (govs and such) so make sure to encrypt ends, than add your own DNSCrypt server to check both sides DNS resolvers..

[xyzdev]

If i understood correctly all we need to do is to choose a server and then setup 127.0.0.0 on the IPv4 network settings IF we use the manual way - for example the link you provided on post #2. Because if we use a gui variant - at least the ones i've tried - they do this process automatically. That's the reason why i'd like to test the SimpleDnsCrypt tool, as it seems to ease all the process.

Still learning though, but the github you provided seems to have valuable information.

[christantoan]

I use it on Windows 10 x64. It launch normally here. Though before seeing your post I used command line method.

Here's what I used for setting DNS Server on my Network Adapter automatically

ipconfig /flushdnsnetsh interface IPv4 set dnsserver "Ethernet" static 127.0.0.1 both nonetsh interface IPv4 set dnsserver "Wi-Fi" static 127.0.0.1 both noipconfig /flushdns

And what I used to return it to DHCP (as my Univ network requires it)

ipconfig /flushdnsnetsh interface IPv4 set dnsserver "Ethernet" dhcpnetsh interface IPv4 set dnsserver "Wi-Fi" dhcpipconfig /flushdns

[straycat19]

Your chances of running into a Spoofed DNS server are so slight that it isn't worth your time and trouble trying to set it up. If it was a real problem, development of dnscrypt wouldn't have ended in 2013.

[christantoan]

Your chances of running into a Spoofed DNS server are so slight that it isn't worth your time and trouble trying to set it up. If it was a real problem, development of dnscrypt wouldn't have ended in 2013.

Actually, most of ISPs here use Transparent DNS Proxy for censorship/blocking purpose. That's why some of us need DNSCrypt to make sure we use DNS server we want.

And the development hasn't stopped yet, though I guess it slowed down. Last commit is 9 days ago and last release is 4 months ago

[bonbonboi]

it comes with no GUI, still there is a GUI for it, once you configre it with that GUI you ready to go, no need to change any settings. Most issues comes when your chosen DNS server is down or slow, then you need again to launch that GUI and choose another DNS server, that's all.

[jamesDDI]

Hi, now works for you?

[xyzdev]

Thanks guys, for your answers.

The application is working now!

About the development and about if it really encrypts the queries, well, i see a lot of people recommend it even VPN companies such as PIA, etc so i don't think all this effort is in vain.

[emerglines]

Thanks guys, for your answers.

The application is working now!

About the development and about if it really encrypts the queries, well, i see a lot of people recommend it even VPN companies such as PIA, etc so i don't think all this effort is in vain.

That's a regulated DNSSEC server, great it works for you, fire your wireshark and see how the requests goes between you and the server, to understand how it works.

[xyzdev]

What do you mean by regulated?

I've tried Wireshark but i'm not that pro to understand all the logs. Tried to filter "udp.port==53" but it doesn't show nothing while using it.

[emerglines]

What do you mean by regulated?

I've tried Wireshark but i'm not that pro to understand all the logs. Tried to filter "udp.port==53" but it doesn't show nothing while using it.

All DNS traffic is passing trought 443, however, regulated means clocked, a good server, not monitored by govs :)

[mazigh]

I use it try this:

https://support.opendns.com/entries/61744244-how-to-install-dnscrypt-proxy-1-4-3-with-DNSCryptWin-v0-0-6-

Yes, i tried that one and it works. Do you also use unbound or you just stick with DNSCrypt?

I used it on Win 8.1 and it worked fine, but recently shortly tried Win 10 then came back to Win 7 and installed it again but it did not work as it tell me I'm missing a file.., my OS is the latest Win 7 build from Generaion2

Here is the error:

In your case that error is easy to solve, it's related to Microsoft Visual C++ Redistributable Package. Go here and download it, you should be good to go after that.

In my case, i'm using Windows 10 x64, the application installs without any problems but it doesn't launch, nothing happens when i click on it.

Thanks it is now working fine

[xyzdev]

Thanks for all the information, emerglines.

Thanks it is now working fine

Don't forget to select your Network card, otherwise it won't use the resolver.

[hamedjoon]

Hi why secondary resolver is disabled how to enable it?

[xyzdev]

Its not yet available, but it'll in a future release.