First if all, is DNSCrypt still being supported? It hasn't been updated on github for 2 years and remains on version 0.0.6. Is this version stable enough to be named 1.0 or is it orphaned?
Anyway, I have BIND installed on a Win7 server. It is configured to forward to OpenDNS and is used as local cache.
I've read about DNSCrypt and it seems interesting, I installed it and it reports green protected. But I'm still concerned if BIND is using it when forwarding queries, or if DNSCrypt works only over DNS Client.
In my current topology, all local PCs query over my local BIND server, which forwards to OpenDNS. Because they don't query directly to OpenDNS, I think DNSCrypt wouldn't work for them, because BIND doesn't support it. The perfect solution would be BIND run over DNSCrypt, this way DNSCrypt would be installed only once and used by BIND.
Is this strategy workable?
Please sign in to leave a comment.