Open ptr1337 opened 3 years ago
Thank you for your suggestions. I saw some articles regarding "DNS-over-QUIC", and as far as I know, there only one public DNS server available at the moment (adguard). Do you have more information about DoQ?
https://github.com/ookangzheng/blahdns
This Project is really improving daily their service. really everything like you "want" :p
While Quic is interesting for sure, i would like to see DnsCrypt DNS stamps implemented for upstream configurations. https://dnscrypt.info/stamps-specifications/
Also, NextDNS.Io now supports DoQ. They also have another feature: passing the device name as part of the DNS request, allowing their upstream DNS to perform better analytics and stats:
DNS-over-TLS
Prepend the name to the provided domain (the name should only contain a-z, A-Z, 0-9 and -). Use -- for spaces.
For "John Router", you would use John--Router-4e6e99.dns.nextdns.io as your DNS-over-TLS endpoint.
DNS-over-HTTPS
Append the name to the provided URL (the name should be URL encoded).
For "John's Firefox", you would use https://dns.nextdns.io/4e6e99/John's%20Firefox as your DNS-over-HTTPS endpoint.
Also oDOH would be nice. there are also several Client written in go which can be implemented into blocky I think.
I have not learned go so far. Next thing to do :p.
For RethinkDNS (also based on golang), we extracted the relevant dnscrypt-proxy
bits for queries over both tcp
and udp
with support for Anonymized Relays, which may come in handy as a reference: https://github.com/celzero/firestack/tree/rdns/intra/dnscrypt
Of course, it is a painful process to keep up with upstream, especially since our impl is stripped down of numerous features upstream continues to support. And so...
You may also want to consider this neat dnscrypt
golang library by Andrey, CTO at AdGuard (though, I haven't looked at the code to know if it confirms to upstream reference implementation or if it supports Anonymized Relays): https://github.com/ameshkov/dnscrypt
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.
Renamed the issue to focus on dnscrypt since there's a dedicated issue for DoQ: #650
Since dnscrypt is getting more popular and used, a option to use that as resolver would be nice if possible. Also quic getting more popular.
Just some ideas. Thanks for your great work!