[Important!] BlahDNS and anonymization support (Anonymized DNS).

[ghost]

Hello ookangzheng.

I hope, that you're fine and everything is okay.

Recently, I decided to check BlahDNS Servers again and I have a simple question: does BlahDNS Servers support so-called Anonymized DNSCrypt protocol [1]? I'm asking, because once for a few days, sometimes longer, there is a WARNING message, that shows only during the very first DNSCrypt start (e.g. during or right after/before user login etc.)

It looks thins way:

[WARNING] [dnscrypt-de-blahdns-ipv4] is incompatible with anonymization

However, after DNSCrypt restart via systemctl restart dnscrypt-proxy.service command, there is not such a WARNING message. Option skip_incompatible, resoponsible for "skipping resolvers incompatible with anonymization instead of using them directly" is set to true (default value in v2.0.44 is false).

A WARNING message, described above, already happened for both Servers: dnscrypt-{de,fi}-blahdns-ipv4. (However, I didn't tested Japan Server, sorry).

So, ookangzheng can BlahDNS Users, use Servers with anonymization or it's not supported?

Thanks, best regards.

[1] https://github.com/DNSCrypt/dnscrypt-proxy/issues/960

[zoonderkins]

Both server doesnt support Anonymous DNSCrypt protocol.. You're right. Cuz Im using Dnsdist to serve dnscrypt ~~ Actually, you can use others anonymous server --> Blahdns dnscrypt protocol.

[ghost]

Hi ookangzheng.

Thank You for an answer. Is this possible to make BlahDNS servers compatible with anonymization? Can You do that?

Excuse me, but what does it mean: anonymous server --> Blahdns dnscrypt protocol? Do You think about using other Servers not BlahDNS? (I'm asking, because of --> in your statement).

Thanks.

[zoonderkins]

I mean you can direct connect to some anonymous relay server, and set the destination server as Blahdns. So the flow will be:

1. your server / router (dnscrypt) --> relay --> Blahdns
2. DNS resolution --> Blahdns --> relay --> your server / router

[zoonderkins]

Im busy with my job at this moment, so will try to implement it once I have free time.

[ghost]

Hello ookangzheng.

Thanks for an answer and I'm sorry for such a long time without response (I was/I am busy doing various things).

Also, thank You for clarifications about connecting to the anon relay Server and then BlahDNS etc. but - for now - I have no idea how to achieve that. Never mind.

It's nice to hear You're working on implementing anon relays support. That's great! (Just announce it somewhere when everything will be okay: here on GitHub and/or on your blahdns.com website).

Thanks, best regards :- )

That's for You: 🥇

[GrennKren]

@szemley , im pretty sure if I've been used blahdns resolver in dnscrypt for more than 2 months, and I can anonymized Blahdns Singapore

[NOTICE] Service stopped
[NOTICE] dnscrypt-proxy 2.0.44
[NOTICE] Source [relays] loaded
[NOTICE] Source [public-resolvers] loaded
[NOTICE] Anonymized DNS: routing [adguard-dns] via [anon-tiarap] 
[NOTICE] Anonymized DNS: routing [dnscrypt-sg-blahdns-ipv4] via [anon-tiarap]
[NOTICE] Anonymized DNS: routing [id-gmail] via [anon-tiarap]
[NOTICE] Configuration successfully checked
[NOTICE] Service started

[ghost]

Hello GrennKren.

Thank You for an answer. Honestly, I also used BlahDNS Servers without any WARNING messages for a many weeks. I just noticed this message one day and I decided to ask ookangzheng. And - as You can read - he stated, that BlahDNS Servers don't support Anon DNS, but he's working on this.

By the way: do You set skip_incompatible option to true? (I'm asking, because by default its value is false). On the other hand, there are many threads on an official DNSCrypt-Proxy account (here, on GitHub) about issues with anonymization etc. (sorry, but I don't have any direct links - however, You can check here [1])

Best regards.

EDIT: ookangzheng, please check the latest update/version of dnsdist. Maybe it will help You with enabling support for Anon DNS?

---

[1] https://github.com/DNSCrypt/dnscrypt-proxy/issues?q=anonymization

[Sn0whax]

Just chiming in here:

I'm in a similar situation as @GrennKren . skip_incompatible = true

I've been successfully using BlahDNS with Anonymous relays. This is also proven by changing the relay it routes through to an incorrect name causing the destination (BlahDNS) not to be reached.

[zoonderkins]

Thanks for the update