Which DNSCrypt name server to choose?

Follow

dlugo

May 05, 2017 01:23

OK, I'm a total dunce and don't even know why I need to use DNSCrypt except that OpenDNS says everyone should use it, so...

I have the DNSCrypt-OSXClient running, v. 1.0.14.  It has a long list of DNSCrypt "name servers" from which to choose.  

Which one should I choose?

Also, should I "Disable IPv6 to reduce IPv4 latency"?

Last, why does my VPN not work when I'm using DNSCrypt?

I'm 100% ignorant and need you to answer using simplistic words and terms... like you're explaining this in a "Fun With Dick and Jane" book for 1st graders who never heard of a computer before.

Thanks for your help.  

0

• 

  rotblitz May 05, 2017 06:25 (Edited May 05, 2017 09:11)

  You're wrong here for a basic network course.  This is not what can be achieved in a forum like this.

  "OpenDNS says everyone should use it"

  Really?  This is not what I would know...
  And no, if this is technically over your head, you shouldn't use it.  Just plain OpenDNS would do as well.

  "It has a long list of DNSCrypt "name servers" from which to choose.  Which one should I choose?"

  The DNS services supporting DNSCrypt are listed in the CSV file coming with DNSCrypt.  I believe the current entry for OpenDNS is "cisco" or "cisco-familyshield" for OpenDNS FamilyShield.

  

  
  "Also, should I "Disable IPv6 to reduce IPv4 latency"?"

  It's your decision.  If you don't have or don't want IPv6 connectivity, then you really should disable it.

  "Last, why does my VPN not work when I'm using DNSCrypt?"

  Doesn't it?  It should work!  You may copy & paste the complete plain text output of the following diagnostic commands to here when the VPN connection is being enabled:

  nslookup -type=txt debug.opendns.com.
  nslookup whoami.akamai.net.
  netsh interface ipv4 show config 
  
  (Only in case you have IPv6 connectivity:)
  netsh interface ipv6 show addresses
  netsh interface ipv6 show dnsservers

   

  0

  Comment actions Permalink
• 

  dlugo May 05, 2017 16:33

  Thank you for the specific name server suggestions.  I chose #10, "Cisco OpenDNS".

  I guess what I read is that OpenDNS users are encouraged to use DNSCrypt ... http://bit.ly/2phCbW3 (2nd paragraph)

  I disabled IPv6.

  I will experiment with my VPN to see if my loss of access to the Internet last night was actually due to using it while DNSCrypt was enabled.  If I need to run the diagnostic commands I will post the results here.

  I am using as many privacy tools as I can since my DSL Internet connection and phone landline were hacked into in 2003.  Nothing really seems effective for getting these former co-workers of my off my trail but I guess it doesn't hurt to try everything that's available.  (I know, it sounds unlikely but these former co-workers apparently have little else to do with their time than to electronically harass people.  It's a big problem here in Rapid City, SD... "Podunkville, USA")

  Thank you again!

  0

  Comment actions Permalink
• 

  rotblitz May 05, 2017 17:18

  "I am using as many privacy tools as I can"

  Then the Tor Browser is the way to go - you can't get anything more private.  (You'll not be using OpenDNS with it though.)

  0

  Comment actions Permalink
• 

  lircit November 18, 2017 15:13

  I have cisco OpenDNS set for my dnscrypt-proxy resolver.  Are instances of use of dnscrypt included in my OpenDNS stats page, e.g., on https://dashboard.opendns.com/stats/... .

  Thanks.

  0

  Comment actions Permalink
• 

  rotblitz November 18, 2017 16:32

  All your DNS traffic seen at OpenDNS will be collected in the stats, no matter if you used DNSCrypt or not.  Your stats do not reflect whether or not you used DNSCrypt.

  0

  Comment actions Permalink

Please sign in to leave a comment.