Feature Request - DNSCrypt Anonymized DNS

[unipacket01]

Prerequisites

Please answer the following questions for yourself before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

• [ ] I am running the latest version
• [X] I checked the documentation and found no answer
• [X] I checked to make sure that this issue has not already been filed

Feature Request

Hi, DNSCrypt recently released a new feature for Anonymized DNS ( https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS ). Does AdGuardHome support this when connecting to a DNSCrypt server such as AdguardDNS or Quad9?

[ameshkov]

No, we don't support it.

Anonymized DNS is basically just a proxy server. I am not yet convinced this makes any sense.

[jkle112]

AdGuard Home v0.99.3 Hope upgrade speed up! support Anonymized DNS,used (firefox extension:)https everywhere,pirivacy badger,foxyproxy standard, f(Chrome extension:)cookies jar (sandbox),cupcake(flash proxy)or speed up.

[no-replies]

Any update on when there will be downstream and upstream dnscrypt v2 support?

@jkle112 @ameshkov

[ameshkov]

There is upstream support already. No ETA for downstream yet

[no-replies]

Whilst Upstream will accept sdns stamp it doesn’t seem to support v2; Anonymized doesn’t seem to work.

Although I’m more interested in downstream. Of course can use sdns stamp and doh. But V2 would be much more useful incl anonymized .

[ameshkov]

Whilst Upstream will accept sdns stamp it doesn’t seem to support v2; Anonymised doesn’t seem to work.

Don't confuse "DNSCrypt anonymized" with DNSCrypt, these are different things.

Although I’m more interested in downstream

Please file a feature request for this. If it gets a lot of upvotes, we'll consider it.

[no-replies]

Isn’t this the feature request for them? Or do you mean

https://github.com/AdguardTeam/AdGuardHome/issues/225

https://github.com/AdguardTeam/dnsproxy/issues/44

v2 has had multiple requests over the last year but seem to get closed

[ameshkov]

You're confusing different things.

• There's an SDNS stamp which is not a protocol, but a way to encode a DNS resolver address. You can encode any resolver using it: DOH, DOT, DNSCrypt, whatever.
• There is a DNSCrypt protocol. AdGuard Home can work as a DNSCrypt client.
• AdGuard Home cannot work as a DNSCrypt server (and there are no feature requests about that)
• Anonymized DNSCrypt is an extension of DNSCrypt which is basically a DNS proxy. This feature request is about adding client-side support of Anonymized DNSCrypt.

As I understand, you want us to add an option for AdGuard Home to work as a DNSCrypt server?

[no-replies]

Yes I understand.

Yes aim is to be able to connect to and from adguard using dnscrypt v2 (Protocol) including use of anonymized dnscrypt

[ameshkov]

1. I highly doubt we will ever implement server-side Anonymized DNSCrypt, it makes no sense for AdGuard Home. The point is that in this case, AGH won't see what requests are being made so it won't be able to block anything.
2. We might implement client-side Anonymized DNSCrypt if this feature request gets upvoted enough.
3. We most likely will implement server-side DNSCrypt as it got many upvotes already, thanks for reminding me about the dnsproxy issue. I've mirrored it here: https://github.com/AdguardTeam/AdGuardHome/issues/1361

[no-replies]

I suppose most useful due to mobile devices is:

dnscrypt v2 to AGH

AGH to anonymized dnscrypt upstream OR AGH to upstream via anonymized relay

[ameshkov]

Yeah, that'd be possible if points 2 and 3 from my comment are implemented.

Just one note:

AGH to anonymized dnscrypt upstream OR AGH to upstream via anonymized relay

These are effectively the same (anonymized dnscrypt IS an anonymized relay).

[no-replies]

Agree. However:

“ You probably want relays and the servers they relay to to be operated by different entities. If you want to minimized latency, choose relays and servers that are close from a network perspective. If you feel paranoid, choose relays and servers in different countries. You decide.”

https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS

[ghost]

Yeah, that'd be possible if points 2 and 3 from my comment are implemented.

Just one note:

AGH to anonymized dnscrypt upstream OR AGH to upstream via anonymized relay

These are effectively the same (anonymized dnscrypt IS an anonymized relay).

Any news on that, since Anonymised DNSCRYPT, is nearly the only way to have a way to query a dnscrypt server without caring if they truely log or not (since relayed by another provider).

For privacy advocate i think this must be pushed more hight in the priority Since DNS rely too much on trust that nothing is logged server side.

[Vixeriox]

It would be nice to have Anonymized DNScrypt in AdGuard Home. I used this feature in dnscrypt-proxy and miss it after switching to AdGuard Home.

[Unfaehig]

+1