154 votes

DNSCrypt is currently the safest and most cutting-edge DNS protocol that exists on the planet. It protects against MITM, DNS poisoning and eavesdropping. Because DNSCrypt does not have a TLS stack nor use X509 certs, the attack surface is vastly smaller than DNS over TLS. Validating TLS certificates in non-browser software is the most insecure code in the world:

https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
https://dnscrypt.info/faq

DNSCrypt specializes in the art of DNS encryption and does not use a generic protocol such as TLS to accomplish this, but its own complete and unique specification fine-tuned for DNS. DNSCrypt offers users over 100 decentralized servers to choose from around the world. Many modern systems offer only DNS over TLS, limiting users to 5 eyes jurisdiction corporations for services like Google or Cloudflare. Here are some of the flavors it comes in:

https://www.simplednscrypt.org/
https://github.com/jedisct1/dnscrypt-proxy

Suggested by: Tyler Vincent Upvoted: 14 Aug Comments: 2

Under consideration
