Hi Moses, et al, My recommendation build your own DNS for your internal name resolutions and a recursive server for external lookups. All can be done in one or 2 machines and that should resolve all your issues. Make sure that you assign the internal network users the one or two name servers via DHCP Using DNScrypt means that you are prioritizing security over reliability. DNS uses UDP/53 and in some instances TCP/53 for packets higher than 512 bytes. The DNScrypt in my view is like putting rail wheels on your car to drive on the rail line just because there is traffic jam. You will definitely face a whole new set of problems that you can't deal or fix. If you care about DNS security, you are better of enabling DNSSEC validation on your resolver compared to crossing over to a new protocol. If you are still having problems with your ISP capturing all port 53 traffic, then setup a VPN on the recursive DNS server. That way the rest of your network is not interfered with by the VPN service. In addition, you get keep the DNS on its protocol lane, and benefit from both reliability and non-filtering by your ISP. Hope that helps, Michuki. On Fri, Jun 17, 2016 at 2:06 PM, rsohan--- via skunkworks < skunkworks@lists.my.co.ke> wrote:
Some ideas -- YMMV depending on how your ISP is implementing throttling:
1. Try using another resolver (4.4.4.4/8.8.8.8). 2. Try setting up your own DNS resolver. 3. Use a SOCKS proxy (make sure you enable remote DNS lookups). 4. Use DNSCrypt [https://www.opendns.com/about/innovations/dnscrypt/] 5. If your resolved hostnames are a small set, you could always revert to /etc/hosts
On Wed, Jun 15, 2016 at 4:09 PM, Moses Njuguna via skunkworks < skunkworks@lists.my.co.ke> wrote:
Hi listers, I would like to encrypt my dns requests so that my ISP does not "throttle" my connection based on the number of dns connections per sec/min. Has any one successfully used MS dns server forwarding with DNSCRYPT <http://dnscrypt.org> daemon? Or is there a simpler solution that achieves the same
Thanks
Moses
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke