0xERR0R / blocky

Fast and lightweight DNS proxy as ad-blocker for local network with many features
https://0xERR0R.github.io/blocky/
Apache License 2.0
4.6k stars 202 forks

Add dnscrypt as resolver #148

Open ptr1337 opened 3 years ago

ptr1337 commented 3 years ago

Since dnscrypt is getting more popular and used, an option to use that as resolver would be nice if possible. Also, QUIC is getting more popular.

Just some ideas. Thanks for your great work!

0xERR0R commented 3 years ago

Thank you for your suggestions. I saw some articles regarding "DNS-over-QUIC", and as far as I know, there is only one public DNS server available at the moment (adguard). Do you have more information about DoQ?

ptr1337 commented 3 years ago

https://github.com/ookangzheng/blahdns

This project is really improving their service daily. Really everything like you "want" :p

mihakralj commented 3 years ago

While QUIC is interesting for sure, I would like to see DnsCrypt DNS stamps implemented for upstream configurations. https://dnscrypt.info/stamps-specifications/
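Added example, not part of the thread and not blocky's code: a minimal Go parser for the DNSCrypt (protocol 0x01) stamp layout from the linked specification, with the bounds checks an upstream-config loader would need before trusting a stamp. The type and function names are hypothetical, and the sample input is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// DNSCryptStamp (hypothetical name) holds the fields of a protocol-0x01 stamp.
type DNSCryptStamp struct {
	Props        uint64 // bit 0: DNSSEC, bit 1: no logs, bit 2: no filtering
	Addr         string // resolver IP, with :port when given
	PublicKey    []byte // provider's Ed25519 public key, 32 bytes
	ProviderName string
}

// ParseDNSCryptStamp decodes "sdns://" + unpadded base64url of 0x01 || props (8 bytes,
// little-endian) || LP(addr) || LP(pk) || LP(providerName); LP(x) = one length byte, then x.
func ParseDNSCryptStamp(s string) (*DNSCryptStamp, error) {
	if !strings.HasPrefix(s, "sdns://") {
		return nil, errors.New("missing sdns:// scheme")
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(s, "sdns://"))
	if err != nil {
		return nil, fmt.Errorf("bad base64url: %w", err)
	}
	if len(raw) < 9 || raw[0] != 0x01 {
		return nil, errors.New("not a DNSCrypt (0x01) stamp")
	}
	var f [3][]byte // addr, pk, providerName
	rest := raw[9:]
	for i := range f {
		// Never trust the length byte: it must fit in what is left.
		if len(rest) < 1 || len(rest)-1 < int(rest[0]) {
			return nil, errors.New("truncated length-prefixed field")
		}
		f[i], rest = rest[1:1+int(rest[0])], rest[1+int(rest[0]):]
	}
	if len(rest) != 0 || len(f[1]) != 32 {
		return nil, errors.New("trailing bytes or public key is not 32 bytes")
	}
	return &DNSCryptStamp{binary.LittleEndian.Uint64(raw[1:9]), string(f[0]), f[1], string(f[2])}, nil
}

func main() {
	fmt.Println(ParseDNSCryptStamp("sdns://AQcAAAAAAAAA")) // constructed: header only, rejected as truncated
}
```

The parser rejects trailing bytes and any key that is not 32 bytes, so a malformed or tampered stamp fails at load time rather than at first query.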

mihakralj commented 3 years ago

Also, NextDNS.Io now supports DoQ. They also have another feature: passing the device name as part of the DNS request, allowing their upstream DNS to perform better analytics and stats:

DNS-over-TLS

Prepend the name to the provided domain (the name should only contain a-z, A-Z, 0-9 and -). Use -- for spaces.

For "John Router", you would use John--Router-4e6e99.dns.nextdns.io as your DNS-over-TLS endpoint.

DNS-over-HTTPS

Append the name to the provided URL (the name should be URL encoded).

For "John's Firefox", you would use https://dns.nextdns.io/4e6e99/John's%20Firefox as your DNS-over-HTTPS endpoint.

ptr1337 commented 3 years ago

Also ODoH would be nice. There are also several clients written in Go which can be implemented into blocky, I think.

I have not learned Go so far. Next thing to do :p.

ignoramous commented 3 years ago

For RethinkDNS (also based on golang), we extracted the relevant dnscrypt-proxy bits for queries over both tcp and udp with support for Anonymized Relays, which may come in handy as a reference: https://github.com/celzero/firestack/tree/rdns/intra/dnscrypt

Of course, it is a painful process to keep up with upstream, especially since our impl is stripped down of numerous features upstream continues to support. And so...

You may also want to consider this neat dnscrypt golang library by Andrey, CTO at AdGuard (though, I haven't looked at the code to know if it conforms to upstream reference implementation or if it supports Anonymized Relays): https://github.com/ameshkov/dnscrypt

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days.

ThinkChaos commented 10 months ago

Renamed the issue to focus on dnscrypt since there's a dedicated issue for DoQ: #650