From 7cebf72c343580d3ee9a0ba8eb3df372a3af2edf Mon Sep 17 00:00:00 2001
From: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
Date: Sat, 23 May 2020 18:49:47 -0700
Subject: [PATCH] Update terms formatting and include anonymized dnscrypt
---
_includes/sections/dns.html | 34 ++++++++++++++++++++++------------
1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/_includes/sections/dns.html b/_includes/sections/dns.html
index 067b6462..f0e4eb1b 100644
--- a/_includes/sections/dns.html
+++ b/_includes/sections/dns.html
@@ -2,23 +2,33 @@
Encrypted DNS Resolvers
-Terms
+Terms
-
- - DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
-
- DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
- - DNSCrypt - An older yet robust method of encrypting DNS.
-
+DNS-over-TLS (DoT)
+
+ A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
+
+
+DNS-over-HTTPS (DoH)
+
+ Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443 and more difficult to block. {% include badge.html color="warning" text="Warning" tooltip="DoH contains metadata such as user-agent (which may include system information) that is sent to the DNS server." link="https://tools.ietf.org/html/rfc8484#section-8.2" icon="fas fa-exclamation-triangle" %}
+
+
+DNSCrypt
+
+ With an open specification, DNSCrypt is an older, yet robust method for encrypting DNS.
+
+
+Anonymized DNSCrypt
+
+ A lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. This is a relatively new protocol created in 2019 currently only supported by dnscrypt-proxy and a limited number of relays.
+
- Using a DNS-over-HTTPS, DNS-over-TLS, or DNSCrypt resolver will not make you anonymous, nor hide your internet traffic from your Internet Service Provider. But, it will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with. If you are currently using Google's DNS resolver, you should pick an alternative here.
+ DNS-over-HTTPS, DNS-over-TLS, and DNSCrypt resolvers will not make you anonymous. Using Anonymized DNSCrypt hides only your DNS traffic from your Internet Service Provider. However, using any of these protocols will prevent DNS hijacking, and make your DNS requests harder for third parties to eavesdrop on and tamper with. If you are currently using Google's DNS resolver, you should pick an alternative here.
-
-
Anonymized DNS is a lightweight protocol that hides the client IP address by using pre-configured relays to forward encrypted DNS data. Keep in mind this is a relatively new protocol currently only supported by
dnscrypt-proxy and a limited number of
relays.
-