Not using DNS Crypt

>not using DNS Crypt

You retards know that your DNS lookups can be easily spoofed without you knowing, right?

dnscrypt.org/

Don't worry user, I'm using it.

>adding all that latency at the DNS resolving stage just to satisfy some tinfoil fantasies

No thanks. I don't have time to wait for several seconds just for a webpage to even start getting downloaded.

You are a total fucking moron. 127.0.0.1 is DNSCrypt using OpenDNS servers. As you can see it is barely slower than using regular OpenDNS.

FUCKING IDIOT

I'm not sure what you just got me to do, but I went from 'Mediocre' to "Excellent' in the GRC Nameserver Spoofability Test. Thank you for guiding me out of mediocrity.

>yfw you have no idea what something is, have never tried it, but want to sound superior anyways.

Seems like a fairly reasonable idea to set up a dnscrypt client on my router.

If my VPN provider routes all DNS requests do I still need dnscrypt?

I am running it, but I'm wondering if it is redundant.

Yandex Browser has it built in. No need to fuck around with shit.

well, I have no choice but to use dnscrypt.
in my country, religious government is blocking internet goodies by controlling isp dns resolver.

This thread is for idiots. Real men use FreeBSD and store their DNSs locally.

>>If my VPN provider routes all DNS requests do I still need dnscrypt?
You shouldn't, assuming your provider is anything resembling competent.

Go away, Putin.

Huyandex!
This is fucking shit with tons of adwares and backdoors.

i dont get it, what exactly can happen and why and how exactly does dns crypt prevent it?

fuck off NSA.

>tons of adwares and backdoors
nice try CIA NIGGER.

Yandex Browser is by fat the most secure of chromium-based browsers.

Because DNS requests are made in the clear (unencrypted) a third party can fairly easily intercept the requests and return a spoofed response that would result in your network traffic being directed to a different server than the one you were wanting to go to.

Clearly it would be used for all sorts of malware.

DNS needs updating. You will be vulnerable whenever you update your DNS tables.

So, how would one go about preventing the ISP from intercepting and logging internet traffic? Is it even possible to a reasonable extent?

please give me a full technical rundown on how this all works exactly. "DNS requests are made in the clear" doesnt mean much at all.
Who makes what request and how is it transmitted exactly in what format to which router and why and why can that be spoofed where and when and how does dnscrypt prevent that from happening how with which crypto algorithm

so you're saying that if i type in google.com, somehow somebody can make me visit blackdicks.com instead? yes?
how does he do that, it will still show up as google.com in my browser? or not?
explain how it will all look when it's exploited.
also explain if this is something every user has to install on his own machine or a server admin can improve his infrastructure.

also please relate all this to dnssec and tell me where to inspect browser dns updates so i can see live how they work.
please provide a sample script or sample server that will show this exploit live so i can see it for myself on my machine.

just saying "omg dnsscrypt is important guysz" is not nearly good enough. Prove to me that this can hurt me for real on my machine

Download wireshark and look for yourself.

nobody's gonna take the time to spoonfeed you
open google and type your question in, you will know how shit works by the evening

VPNs.

Would a different DNS provider like OpenNIC help?

Faggot, why don't you just educate yourself instead of asking people to spoonfeed you?

DNScrypt + pdnsd with persistent cache is the GOAT setup.
It even decrease latency because caching.

but i spoonfed you people and educated you on how to make a proper issue report.
somebody made this thread and complained about a supposed security issue.
I told him to prove it and explain it, apparently that is already too hard.

No.

>so you're saying that if i type in google.com, somehow somebody can make me visit blackdicks.com instead? yes?
Yes.
>how does he do that, it will still show up as google.com in my browser? or not?
No, it will show up as google.com. The IP address returned when you requested google.com would have been the IP address for blackdicks.com instead.
>explain how it will all look when it's exploited.
It could be invisible. A carefully crafted google clone page that would submit your data through to the real google page after stealing it of course.
>also explain if this is something every user has to install on his own machine or a server admin can improve his infrastructure.
It can be set up on routers, OpenWRT for example.

I run my own DNS server with Unbound directly talking to the root servers via my VPN.

OpenDNS is also slow as fuck. Are you brain damaged?

Care to elaborate?

Using another DNS server still uses the same DNS request protocol, which is in the clear so can be MITMed.

Whats the difference when i just manually change dns addresses in wifi settings?

What server you use is completely irrelevant since the traffic is all plain text shit anyway.
That's why you install DNScrypt and a local DNS server with caching and set said server as the only DNS server in router settings.
Also, read the fucking thread.

thanks fampai