Privacytools.io: 📝 Correction | Encrypted DNS can be anonymous with DNSCrypt v2 protocol

Created on 9 Apr 2020 · 4Comments · Source: privacytools/privacytools.io

Description

While writing #1821, I have just discovered that the DNSCrypt v2 protocol supports anonymized DNS queries. Here is the documentation.

It seems to only be implemented in one software at the moment, in dnscrypt-proxy.

Maybe other softwares such as Simple DNSCrypt, which is based on dnscrypt-proxy, may implement (or will in the future) anonymized DNS queries, but at the moment it seems from this listing that it's not the case.

Why I am making the suggestion

In https://www.privacytools.io/providers/dns/ , it's written:

Note: Using an encrypted DNS resolver will not make you anonymous

DNSCrypt v2 seems to fix this issue, and there is a concrete application.

My connection with the software

[x] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

📝 correction 🗄️ DNS

Source

lrq3000

All 4 comments

Well that's not fully true. It exist exist the eSNI problem.

beerisgood on 9 Apr 2020

👍1

Very interesting, I admit I have no expertise in DNS and such, I am more of a savvy end-user (I can adopt a new protocol/framework but I could certainly not tweak it nor make one).

I found this article about eSNI, is this what you were referring to? From the doc, I understand that SNI had an issue with privacy, but eSNI should solve this. However, I did not find any mention about eSNI on the DNSCrypt v2 doc.

Maybe asking them directly may help clarify this issue :-)

lrq3000 on 15 Apr 2020

The problem with eSNI is that every visiting server need to support it and I sadly guess most doesn't care.

beerisgood on 15 Apr 2020

👍1

It's also still a draft and many may be opting to wait for it to stabilize first.