Re: [Skunkworks] DNS ENCRYPTION
Moses,
I would like to encrypt my dns requests so that my ISP does not "throttle" my connection based on the number of dns connections per sec/min. Has any one successfully used MS dns server forwarding with DNSCRYPT <http://dnscrypt.org> daemon? Or is there a simpler solution that achieves the same I suspect there is.
First, your email reminded me of this youtube. Watch it and you will enjoy: https://www.youtube.com/watch?v=Z7Wl2FW2TcA Sounds like you are using the ISP DNS servers, would this be correct assumption? If so, the best way is to run a local DNS on your LAN. That way, your DNS activities are transparent to your ISP. If your ISP are however just intercepting all connections to port 53, the solution above may help as I noticed they are using port 443. What ISP are you using if you don't mind mentioning them in public? Don't have any experience with DNSCRYPT, I would start with running the the docker image they provided before investing myself too much with it Regards, Muriithi
Thanks
Moses
@Ahmad I had considered VPN, but since am running MS AD Internally with local network shares and etc, it can't work. Neither can I trust my corporate network to go through some VPN. @ william Thanks for the video. Struggled with DNScrypt now its working fine, though some dnscrypt servers keep timing out. For the question of which ISP, Faiba. From what i have gathered, they are trying to curb reselling of their network so they limit the number of dns queries you can do.Just like they way QB stopped sambaza bundles.The prob is that this makes the internet service suck alot even for guys who arent "re-selling". For now they won't be seeing my dns connections, am free from their nasty filters On Wed, Jun 15, 2016 at 9:16 PM, William Muriithi via skunkworks < skunkworks@lists.my.co.ke> wrote:
Moses,
I would like to encrypt my dns requests so that my ISP does not "throttle" my connection based on the number of dns connections per sec/min. Has any one successfully used MS dns server forwarding with DNSCRYPT <http://dnscrypt.org> daemon? Or is there a simpler solution that achieves the same I suspect there is.
First, your email reminded me of this youtube. Watch it and you will enjoy:
https://www.youtube.com/watch?v=Z7Wl2FW2TcA
Sounds like you are using the ISP DNS servers, would this be correct assumption? If so, the best way is to run a local DNS on your LAN. That way, your DNS activities are transparent to your ISP.
If your ISP are however just intercepting all connections to port 53, the solution above may help as I noticed they are using port 443. What ISP are you using if you don't mind mentioning them in public?
Don't have any experience with DNSCRYPT, I would start with running the the docker image they provided before investing myself too much with it
Regards,
Muriithi
Thanks
Moses
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
is this their logic behind the annoying block they've implemented accusing users of spamming ? On Fri, Jun 17, 2016 at 8:35 AM, Moses Njuguna via skunkworks < skunkworks@lists.my.co.ke> wrote:
@Ahmad
I had considered VPN, but since am running MS AD Internally with local network shares and etc, it can't work. Neither can I trust my corporate network to go through some VPN.
@ william Thanks for the video. Struggled with DNScrypt now its working fine, though some dnscrypt servers keep timing out. For the question of which ISP, Faiba. From what i have gathered, they are trying to curb reselling of their network so they limit the number of dns queries you can do.Just like they way QB stopped sambaza bundles.The prob is that this makes the internet service suck alot even for guys who arent "re-selling".
For now they won't be seeing my dns connections, am free from their nasty filters
On Wed, Jun 15, 2016 at 9:16 PM, William Muriithi via skunkworks < skunkworks@lists.my.co.ke> wrote:
Moses,
I would like to encrypt my dns requests so that my ISP does not "throttle" my connection based on the number of dns connections per sec/min. Has any one successfully used MS dns server forwarding with DNSCRYPT <http://dnscrypt.org> daemon? Or is there a simpler solution that achieves the same I suspect there is.
First, your email reminded me of this youtube. Watch it and you will enjoy:
https://www.youtube.com/watch?v=Z7Wl2FW2TcA
Sounds like you are using the ISP DNS servers, would this be correct assumption? If so, the best way is to run a local DNS on your LAN. That way, your DNS activities are transparent to your ISP.
If your ISP are however just intercepting all connections to port 53, the solution above may help as I noticed they are using port 443. What ISP are you using if you don't mind mentioning them in public?
Don't have any experience with DNSCRYPT, I would start with running the the docker image they provided before investing myself too much with it
Regards,
Muriithi
Thanks
Moses
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- GG
@ Geoffery Yup, & when you call them up they tell you that they detected "suspicious" activity. Good am free of this nonsense On Fri, Jun 17, 2016 at 8:52 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
is this their logic behind the annoying block they've implemented accusing users of spamming ?
On Fri, Jun 17, 2016 at 8:35 AM, Moses Njuguna via skunkworks < skunkworks@lists.my.co.ke> wrote:
@Ahmad
I had considered VPN, but since am running MS AD Internally with local network shares and etc, it can't work. Neither can I trust my corporate network to go through some VPN.
@ william Thanks for the video. Struggled with DNScrypt now its working fine, though some dnscrypt servers keep timing out. For the question of which ISP, Faiba. From what i have gathered, they are trying to curb reselling of their network so they limit the number of dns queries you can do.Just like they way QB stopped sambaza bundles.The prob is that this makes the internet service suck alot even for guys who arent "re-selling".
For now they won't be seeing my dns connections, am free from their nasty filters
On Wed, Jun 15, 2016 at 9:16 PM, William Muriithi via skunkworks < skunkworks@lists.my.co.ke> wrote:
Moses,
I would like to encrypt my dns requests so that my ISP does not "throttle" my connection based on the number of dns connections per sec/min. Has any one successfully used MS dns server forwarding with DNSCRYPT <http://dnscrypt.org> daemon? Or is there a simpler solution that achieves the same I suspect there is.
First, your email reminded me of this youtube. Watch it and you will enjoy:
https://www.youtube.com/watch?v=Z7Wl2FW2TcA
Sounds like you are using the ISP DNS servers, would this be correct assumption? If so, the best way is to run a local DNS on your LAN. That way, your DNS activities are transparent to your ISP.
If your ISP are however just intercepting all connections to port 53, the solution above may help as I noticed they are using port 443. What ISP are you using if you don't mind mentioning them in public?
Don't have any experience with DNSCRYPT, I would start with running the the docker image they provided before investing myself too much with it
Regards,
Muriithi
Thanks
Moses
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- GG
they've given me a dump to analyse with wireshack apparently im doing 2k dns requests per second On Fri, Jun 17, 2016 at 9:07 AM, Moses Njuguna <moses.w.n@gmail.com> wrote:
@ Geoffery Yup, & when you call them up they tell you that they detected "suspicious" activity. Good am free of this nonsense
On Fri, Jun 17, 2016 at 8:52 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
is this their logic behind the annoying block they've implemented accusing users of spamming ?
On Fri, Jun 17, 2016 at 8:35 AM, Moses Njuguna via skunkworks < skunkworks@lists.my.co.ke> wrote:
@Ahmad
I had considered VPN, but since am running MS AD Internally with local network shares and etc, it can't work. Neither can I trust my corporate network to go through some VPN.
@ william Thanks for the video. Struggled with DNScrypt now its working fine, though some dnscrypt servers keep timing out. For the question of which ISP, Faiba. From what i have gathered, they are trying to curb reselling of their network so they limit the number of dns queries you can do.Just like they way QB stopped sambaza bundles.The prob is that this makes the internet service suck alot even for guys who arent "re-selling".
For now they won't be seeing my dns connections, am free from their nasty filters
On Wed, Jun 15, 2016 at 9:16 PM, William Muriithi via skunkworks < skunkworks@lists.my.co.ke> wrote:
Moses,
I would like to encrypt my dns requests so that my ISP does not "throttle" my connection based on the number of dns connections per sec/min. Has any one successfully used MS dns server forwarding with DNSCRYPT <http://dnscrypt.org> daemon? Or is there a simpler solution that achieves the same I suspect there is.
First, your email reminded me of this youtube. Watch it and you will enjoy:
https://www.youtube.com/watch?v=Z7Wl2FW2TcA
Sounds like you are using the ISP DNS servers, would this be correct assumption? If so, the best way is to run a local DNS on your LAN. That way, your DNS activities are transparent to your ISP.
If your ISP are however just intercepting all connections to port 53, the solution above may help as I noticed they are using port 443. What ISP are you using if you don't mind mentioning them in public?
Don't have any experience with DNSCRYPT, I would start with running the the docker image they provided before investing myself too much with it
Regards,
Muriithi
Thanks
Moses
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- GG
-- GG
Did you try setting up a caching DNS server in house. That helps to sort the issue to some level. Regards, Job Muriuki, Skype: heviejob On Fri, Jun 17, 2016 at 9:24 AM, geoffrey gitagia via skunkworks < skunkworks@lists.my.co.ke> wrote:
they've given me a dump to analyse with wireshack apparently im doing 2k dns requests per second
On Fri, Jun 17, 2016 at 9:07 AM, Moses Njuguna <moses.w.n@gmail.com> wrote:
@ Geoffery Yup, & when you call them up they tell you that they detected "suspicious" activity. Good am free of this nonsense
On Fri, Jun 17, 2016 at 8:52 AM, geoffrey gitagia <ggitagia@gmail.com> wrote:
is this their logic behind the annoying block they've implemented accusing users of spamming ?
On Fri, Jun 17, 2016 at 8:35 AM, Moses Njuguna via skunkworks < skunkworks@lists.my.co.ke> wrote:
@Ahmad
I had considered VPN, but since am running MS AD Internally with local network shares and etc, it can't work. Neither can I trust my corporate network to go through some VPN.
@ william Thanks for the video. Struggled with DNScrypt now its working fine, though some dnscrypt servers keep timing out. For the question of which ISP, Faiba. From what i have gathered, they are trying to curb reselling of their network so they limit the number of dns queries you can do.Just like they way QB stopped sambaza bundles.The prob is that this makes the internet service suck alot even for guys who arent "re-selling".
For now they won't be seeing my dns connections, am free from their nasty filters
On Wed, Jun 15, 2016 at 9:16 PM, William Muriithi via skunkworks < skunkworks@lists.my.co.ke> wrote:
Moses,
I would like to encrypt my dns requests so that my ISP does not "throttle" my connection based on the number of dns connections per sec/min. Has any one successfully used MS dns server forwarding with DNSCRYPT <http://dnscrypt.org> daemon? Or is there a simpler solution that achieves the same I suspect there is.
First, your email reminded me of this youtube. Watch it and you will enjoy:
https://www.youtube.com/watch?v=Z7Wl2FW2TcA
Sounds like you are using the ISP DNS servers, would this be correct assumption? If so, the best way is to run a local DNS on your LAN. That way, your DNS activities are transparent to your ISP.
If your ISP are however just intercepting all connections to port 53, the solution above may help as I noticed they are using port 443. What ISP are you using if you don't mind mentioning them in public?
Don't have any experience with DNSCRYPT, I would start with running the the docker image they provided before investing myself too much with it
Regards,
Muriithi
Thanks
Moses
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- GG
-- GG
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
participants (4)
-
geoffrey gitagia -
Job Muriuki -
Moses Njuguna -
William Muriithi