🌐 Website Issue | DNSCrypt tool vs protocol? #684

New Issue

2018-12-22T20:30:11Z

Mikaela commented

2018-12-22 20:30:11 +00:00

(Migrated from github.com)

Description

DNSCrypt - Tool

A protocol for securing communications between a client and a DNS resolver. The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.

I think the word "Tool" is a bit misleading here as it's a protocol as the description mentions, but this may leave a confusion to the readers on which it is. I cannot think of a better word though, but wished to raise this issue.

## Description > DNSCrypt - Tool > > A protocol for securing communications between a client and a DNS resolver. The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver. I think the word "Tool" is a bit misleading here as it's a protocol as the description mentions, but this may leave a confusion to the readers on which it is. I cannot think of a better word though, but wished to raise this issue.

ghost commented

2018-12-23 11:48:05 +00:00

(Migrated from github.com)

DNSCrypt is a protocol and there are different implementations of it: https://dnscrypt.info/implementations/

So, the better wording might be "implementation" vs. "protocol".

Maybe, we should also mention DNS-over-HTTPS and DNS-over-TLS.

DNSCrypt is a protocol and there are different implementations of it: https://dnscrypt.info/implementations/ So, the better wording might be "implementation" vs. "protocol". Maybe, we should also mention DNS-over-HTTPS and DNS-over-TLS.

👍 1

beerisgood commented

2018-12-23 12:47:23 +00:00

(Migrated from github.com)

For DNS-over-TLS (DoT) we can use Stubby in combination with PiHole. Works great
The advantage is that clients (in that network) doesn't need any tool like DNSCrypt.

For DNS-over-TLS (DoT) we can use Stubby in combination with PiHole. Works great The advantage is that clients (in that network) doesn't need any tool like DNSCrypt.

Mikaela commented

2018-12-23 16:30:53 +00:00

(Migrated from github.com)

I don't know if implementation is any better word unless actual implementation is linked.

DNSCrypt-proxy also supports DNS over HTTPS, but don't have interest in DNS over TLS (https://github.com/jedisct1/dnscrypt-proxy/issues/68#issuecomment-362526814).

I don't know if implementation is any better word unless actual implementation is linked. DNSCrypt-proxy also [supports DNS over HTTPS](https://github.com/jedisct1/dnscrypt-proxy/blob/436125e812da5669f58cdf03019ec6878c33f5de/README.md#dnscrypt-proxy-2019-final-is-available-for-download), but don't have interest in DNS over TLS (https://github.com/jedisct1/dnscrypt-proxy/issues/68#issuecomment-362526814).

Atavic commented

2019-01-04 18:35:58 +00:00

(Migrated from github.com)

DNS is a protocol, while DNSCrypt in an implementation of encryption over DNS.

Although DNSCrypt site itself uses "protocol" that's not the correct term, see:

In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.

Source

Wikipedia defines Hypertext Transfer Protocol Secure (HTTPS) as an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network.

Likewise, DNSCrypt is an extension of DNS and hopefully a soon-to-become standard like HTTPS has become.

*DNS* is a protocol, while *DNSCrypt* in an implementation of encryption over DNS. Although DNSCrypt site itself uses "protocol" that's not the correct term, see: > In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. [Source](https://www.opendns.com/about/innovations/dnscrypt/) Wikipedia defines Hypertext Transfer Protocol Secure (HTTPS) as an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network. Likewise, DNSCrypt is an extension of DNS and hopefully a soon-to-become standard like HTTPS has become.

blacklight447 commented

2019-08-28 17:53:20 +00:00

(Migrated from github.com)

update on this, @mikeala ?

Mikaela commented

2019-08-28 18:28:23 +00:00

(Migrated from github.com)

No news, but looking at this again, I think I will:

delist DNSCrypt (protocol)
list DNSCrypt-proxy (software) as Local DNS server
I would mention DNSCrypt in terms, but it's already mentioned there.

Feel free to PR or take over or self-assign, my self-assignment is once again just a reminder for me to actually do this sometime.

No news, but looking at this again, I think I will: * delist DNSCrypt (protocol) * list DNSCrypt-proxy (software) as *Local DNS server* * I would mention DNSCrypt in terms, but it's already mentioned there. Feel free to PR or take over or self-assign, my self-assignment is once again just a reminder for me to actually do this sometime.

👍 2

This repo is archived. You cannot comment on issues.