Gedsh / InviZible

Android application for online privacy and security
https://invizible.net
GNU General Public License v3.0

DNSCrypt: suggestions #120

Closed Horizonbli closed 6 months ago

Horizonbli commented 2 years ago

Hello there,

Giving InviziblePro a try...

DNSCrypt cloaking rules suggestion:

  1. Import lists in other formats, such as domain only, wildcard (such as OISD offers);

  2. Allow setting either 127.0.0.1 or 0.0.0.0, instead of importing whatever is on the blacklist;

DNSCrypt query log suggestion:

  1. An icon/other option to easily open/access the queries log, both query and suspicious logs, without having to go to the DNSCrypt settings

For the time being this is it.

Thanks

Horizonbli commented 2 years ago

It came to my attention that, despite InviziblePro allowing hosts file format to be imported (in Cloaking rules), it does not replace the position of the IP address, which in this case would be 0.0.0.0 (or 127.0.0.1). It keeps the IP addresses on the left side of the entries, which results in DNSCrypt not blocking connections to such domains/hosts. So, either InviziblePro replaces the IPs position, placing them on the right side of the domains/hosts, or it should work both ways, either left or right.

Please note that I am testing the beta version; it may be a bug or not, no idea. But if it's not a bug, it would be more than welcome if you could provide that change.

Thanks

Gedsh commented 2 years ago

Hello,

> Import lists in other formats, such as domain only, wildcard (such as OISD offers);

You can use domains and wildcards as described here: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Filters
Or you can use the hosts file when importing the blacklist. It will be converted to a list of domains.

> Allow to either set 127.0.0.1 or 0.0.0.0, instead of importing whatever is on the blacklist;

As I mentioned above, you can use the hosts file format when importing.

> An icon/other option to easily open/access the queries log, both query and suspicious logs, without having to go to the DNSCrypt settings

I currently have no plans for this as in VPN mode you can see a detailed connections log in the DNS tab.

> It came to my attention that, despite InviziblePro allowing hosts file format to be imported (in Cloaking rules), it does not replace the position of the IP address

Please use the hosts file for importing blacklist. You don't need to import it as cloaking rules.

Horizonbli commented 2 years ago

The problem is that dnscrypt will take more time to accomplish what would be quicker with cloaking, simply because with cloaking we'd be mapping domains/hosts to an IP, which makes dnscrypt promptly block connections to blocked domains. Pattern blacklisting will make dnscrypt match patterns; those patterns may be entire domains, but they are nonetheless patterns, and the more entries there are, the longer it will take to match DNS queries against those patterns.

The following is just an example showing the same experience. https://github.com/Fincer/dns-sinkhole

In my case, I tried with a lot more entries. Hopefully, over time it could be possible to implement the previous suggestion that I have made regarding cloaking. For the time being I'm using pdnsf to accomplish the same task.

Cheers

Gedsh commented 2 years ago

> The problem is that dnscrypt will take more time to accomplish what would be quicker with cloaking

Please show me DNSCrypt benchmarks so I can see a significant difference.

Horizonbli commented 2 years ago

Hello again

Regarding benchmarks, well... I suppose I can say what I noted down from the dnscrypt query log back then.

When I imported hosts/domain files as pattern blocklists, it took 107ms to make a query. I got no way to import such files as cloaking blocklists, because it just won't work, at all.

But I didn't suggest it merely from the perspective of blocking access to domains, but also from the perspective of importing hosts files mapping domains/hostnames to their respective IP addresses. Considering the hosts file format works with IP addresses on the left side, it would make sense that dnscrypt cloaking would convert them to its own format, IP address on the right.

Merely a suggestion, that's all. One that would make sense, I believe, IMHO.

Thanks
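The two conversions discussed in this thread, turning a hosts-format list (IP on the left) into dnscrypt-proxy cloaking rules (name on the left, address on the right) and into the plain domain blocklist that the maintainer says the import already produces, are small enough to show in full. The script below is an added example and is not InviZible or dnscrypt-proxy code. It assumes the hosts format `IP name [alias ...]` with `#` comments, the dnscrypt-proxy cloaking format `name target` one rule per line, and the blocklist format of one pattern per line from the Filters wiki page linked above; the sample hosts content is constructed, not a real blocklist. The `sinkhole` parameter implements the 127.0.0.1 / 0.0.0.0 choice from the first comment, and `normalize_domain_patterns` handles the OISD-style `*.example.com` wildcard form on the assumption that a bare domain in a dnscrypt-proxy blocklist already covers its subdomains.

```python
"""Convert hosts-format blocklists to dnscrypt-proxy cloaking / blocklist formats.

Added example, not InviZible or dnscrypt-proxy code. Assumptions are noted inline.
"""
import ipaddress

# Addresses that hosts-style blocklists use to "sink" a name rather than map it.
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Names that appear in every hosts file and must never be exported as rules.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts content (not a real blocklist).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
0.0.0.0 ads.example.test tracker.example.test   # two names on one line
127.0.0.1 telemetry.example.test
192.0.2.10 intranet.example.test                # a real mapping, not a block
not-an-ip bogus.example.test                    # malformed line, skipped
0.0.0.0 ads.example.test                        # duplicate entry
"""


def parse_hosts(text):
    """Yield (ip, name) pairs from hosts-format text.

    Comments, blank lines, lines with no name, invalid addresses and the
    standard local names are skipped; names are lower-cased and unrooted.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)          # reject lines whose left field is not an IP
        except ValueError:
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                yield ip, name


def hosts_to_cloaking(text, sinkhole=None):
    """Return cloaking rules as 'name target' lines (dnscrypt-proxy order).

    If `sinkhole` is given, entries that the source sinks to any SINKHOLE_IPS
    address are rewritten to that one address; real mappings are kept as-is.
    """
    rules, seen = [], set()
    for ip, name in parse_hosts(text):
        if sinkhole and ip in SINKHOLE_IPS:
            ip = sinkhole
        if (name, ip) not in seen:
            seen.add((name, ip))
            rules.append(f"{name} {ip}")
    return rules


def hosts_to_blocklist(text):
    """Return one domain per line for names the hosts file sinks.

    Entries pointing at a real address are genuine mappings, not blocks, so
    they are not exported as blocklist patterns.
    """
    domains, seen = [], set()
    for ip, name in parse_hosts(text):
        if ip in SINKHOLE_IPS and name not in seen:
            seen.add(name)
            domains.append(name)
    return domains


def normalize_domain_patterns(patterns):
    """Normalise a domain-only / wildcard list to one blocklist pattern per line.

    Assumption: a bare domain in a dnscrypt-proxy blocklist matches the domain
    and its subdomains, so an OISD-style '*.example.com' collapses to 'example.com'.
    """
    out, seen = [], set()
    for pat in patterns:
        pat = pat.split("#", 1)[0].strip().lower()
        if pat.startswith("*."):
            pat = pat[2:]
        if pat and pat not in seen:
            seen.add(pat)
            out.append(pat)
    return out


if __name__ == "__main__":
    print("# cloaking-rules.txt (sinkholed to 0.0.0.0)")
    print("\n".join(hosts_to_cloaking(SAMPLE_HOSTS, sinkhole="0.0.0.0")))
    print("\n# blocklist.txt")
    print("\n".join(hosts_to_blocklist(SAMPLE_HOSTS)))
```

Running it on the sample prints four cloaking rules (the three sunk names rewritten to 0.0.0.0 and the intranet mapping left at 192.0.2.10) and a three-line blocklist; the malformed line, the duplicate and `localhost` are dropped. Keeping real mappings out of the blocklist matters: a hosts file used for intranet name resolution would otherwise block every name it defines.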