Talk:DNSCrypt

Latest comment: 4 months ago by Johngreth in topic Listing dnscrypt port as 53 vs 443

Refs

edit

User:2a01:e34:ec2d:b010:2041:cc56:1f8:992e As the only ref has been removed, saving this here How to Boost Your Internet Security with DNSCrypt . The fact that it's old and may be outdated is one thing, but currently the article has no refs so best to establish WP:N with something. Widefox; talk 10:38, 29 January 2016 (UTC)Reply

Main and Deployment sections

edit

Added some more details on the protocol, its use, capabilities and deployment. Some links attached. Catwilmore (talk) 11:00, 11 September 2017 (UTC)Reply

Should the words end-to-end security be replaced with End-to-end encryption (E2EE)?

edit

The opening section states it doesn't provide end-to-end security. With these exact words. What is meant by end-to-end security? Should the words end-to-end security be replaced with End-to-end encryption (E2EE)? 176.12.186.116 (talk) 05:13, 9 July 2023 (UTC)Reply

Good question! Right now the statement is Though it doesn't provide end-to-end security, it protects the local network against man-in-the-middle attacks, with a reference to the GitHub proxy software page. There are one obvious issue: the proxy page has no mention of neither MITM nor "end-to-end security". That means the sentence can just be removed, but maybe we can salvage some meaning and get a better source.
Now let's guess at what the big words mean, specifically which the "ends" were meant to be. Does DNSCrypt prevent MITM? Yes, but only for the part between the user and the recursive resolver (OpenDNS, Quad9, whoever). So maybe "end-to-end" refers to "from the user all the way to the authoritative nameserver" or something to that effect.
Or we could ask the person who wrote it: Special:Diff/800074000. User:Catwilmore, uhhhhh any words on what you mean? Artoria2e5 🌉 03:14, 19 January 2024 (UTC)Reply
Hmm... there seems to be no official mention of a MITM anywhere in the DNSCrypt documentation, even though it's obvious that the encryption and authentication is there to prevent eavesdropping and tampering (neither word is found in official documentation either, as far as DuckDuckGo says). Guess it's time to exercise some terrible "sourcing liberties". Artoria2e5 🌉 03:21, 19 January 2024 (UTC)Reply

Listing dnscrypt port as 53 vs 443

edit

A user recently changed text to indicate that dnscrypt uses port 53 and not 443 (it has been reverted). The dnscrypt protocol uses port 443. The confusion may have been because a dnscrypt proxy server listens for normal non-encrypted dns queries on port 53. This page is about the dnscrypt protocol, not dnscrypt-proxy or any other software that implements both unencrypted and dnscrypt dns protocols. Johngreth (talk) 13:54, 4 July 2024 (UTC)Reply