Closed BYK closed 7 years ago
All DNS queries are encrypted between connecting clients and the various services that Streisand sets up, so users are protected from DNS leaks already.
Can you give me an example of a scenario where DNSCurve would be helpful? Do you have any thoughts on how it could be integrated into Streisand? It looks really interesting but doesn't appear to be widely adopted.
Hah, sorry for not being more clear :) I meant a DNS service, apart from the VPN, so I can point my local DNS settings to my Streisand server and use the secure DNS service when I don't need a full-blown VPN service.
Not sure if it makes sense, I just wanted to put the suggestion here so we can talk about it.
I see the need to use a DNSCrypt-powered DNS server (or proxy) with SSL over TCP when connecting to the Internet from a strictly restricted network which allows only HTTP/HTTPS connections and has a local DNS server that logs both the query and source IP/MAC and/or doesn't allow resolving selected domains. If Streisand is about privacy and security, my guess is it should support a personal/private DNS resolver. I think something similar to this with dnsmasq should be enough.
Although this issue is quite old, it is not closed, so I decided to post here instead of creating a new one.
DNSCrypt is a stable project with several DNS providers. All queries go over port 443 and are encrypted. This should replace dnsmasq.
I've used the script below on my OpenVPN VPS running Debian 7: https://github.com/simonclausen/dnscrypt-autoinstall
https://github.com/jlund/streisand/issues/272 is a duplicate of this pre-existing issue but the discussion on 272 seems more complete. I'm going to close this issue and encourage interested folks to follow 272 instead.
I think it would be nice to have a secure DNS server implementation such as DNSCurve.