Replies: 1 comment 1 reply
-
|
After some more consideration, I think this might be important to be able to do for security reasons, because right now it seems like if an attacker gets access to the dnscrypt.info server then all DNS traffic by dnscrypt-proxy world-wide can be intercepted. Correct me if I'm wrong. (I realize that somebody could also try to mess with the source code, but I assume that has a longer lead time until it reaches the users if e.g. they install the program from a Linux distribution's packages. The public lists however seem to be fed into the programs directly.) The only prevention mechanism to make this more decentralized seems to be to use your own DNS stamps and bypass the sources list. The wiki doesn't really say how to do that. |
Beta Was this translation helpful? Give feedback.
-
|
I found the stamp calculator now: https://dnscrypt.info/stamps/ I would suggest this calculator should probably be mentioned right after this paragraph:
Sadly, the calculator doesn't really seem to say what key format is expected for the public key, and doesn't seem to check that the public key is somehow coherent either which would be nice. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
The wiki just mentions this for the "DNS stamps" on the configuration starting page: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Configuration
Perhaps I'm missing something, but this doesn't actually seem to tell me anything useful on how to get this information.
When specifying DNS over HTTPS servers in browsers, it's typically a URL and not a stamp, e.g.
https://dns.mullvad.netor similar. There doesn't seem to be any information on the configuration page on how to use a server like that, which seems like a problem since that appears to be the usual format on how these servers are presented to the user.Beta Was this translation helpful? Give feedback.
All reactions