[Request] Add in DNS encryption. #14
Comments
There's considerable follow-up discussion in StreisandEffect/streisand#272 that I don't want to copy/paste here but should be referred to by anyone interested in restarting this discussion.
#29 also seems to be related.
Hey All, Following up on this, we can probably put this together really easily using Cloudflare's implementation of DNS over HTTPS using their "cloudflared" package and newly launched 1.1.1.1/1.0.0.1 DNS resolvers. I think we should replace DNSmasq with this as the default. This will also remove the need for the upstream DNS host variable. I've done some tests with a few servers of mine and it works flawlessly. No client changes necessary either. Let me know your thoughts, I can work on the role replacement and submit a pull request. James
I worry that the 1.1.1.1 DNS domains may get blocked by China, so I am not confident that this may be the best idea as the default implementation. Many external DNS are blocked or highly intermittent here.
The request will be HTTPS to Cloudflare, not DNS. It’s a DNS proxy, so all DNS requests are made to localhost, and in turn sent to Cloudflare over HTTPS. Cloudflare then make the DNS request to their locally cached roots. This is why we would need to replace dnsmasq.
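The translation step described in the comment above, sketched as an added example (not code from this thread or from cloudflared): a wire-format DNS query, as a client would send it to the local proxy, is wrapped unchanged in an HTTPS GET and unwrapped again on the resolver side. The RFC 8484 GET encoding, the `/dns-query` path and the function names are assumptions; `www.example.com` is a constructed sample name.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Assumption: the endpoint path; the thread only names 1.1.1.1/1.0.0.1.
DOH_ENDPOINT = "https://1.1.1.1/dns-query"
QTYPES = {"A": 1, "AAAA": 28}


def build_query(name, qtype="A"):
    """Wire-format DNS query, as a stub resolver would send it to the local proxy."""
    # ID 0 (cache-friendly over HTTP), flags 0x0100 = recursion desired, one question.
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    # Root label, then QTYPE and QCLASS=IN.
    return header + qname + b"\x00" + struct.pack("!2H", QTYPES[qtype], 1)


def to_doh_url(query, endpoint=DOH_ENDPOINT):
    """Proxy side: carry the unchanged DNS message in a GET (base64url, no padding)."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def from_doh_url(url):
    """Resolver side: recover (name, qtype) from the GET URL."""
    encoded = parse_qs(urlsplit(url).query)["dns"][0]
    msg = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while msg[pos] != 0:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack_from("!H", msg, pos + 1)
    return ".".join(labels), qtype


if __name__ == "__main__":
    url = to_doh_url(build_query("www.example.com"))  # constructed sample name
    print(url)
    print(from_doh_url(url))
```

The queried name travels only inside the HTTPS request, so the path between the server and the resolver carries a TLS connection to 1.1.1.1 rather than a port-53 query.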
Ah, that is much more compelling.
On Tue, Apr 3, 2018 at 1:46 PM, jamesspi ***@***.***> wrote:
The request will be https to cloudflare, not DNS. It’s a DNS proxy, so all
DNS requests are made to localhost, and in turn sent to cloudflare over
https. Cloudflare then make the dns request to their locally cached roots.
This is why we would need to replace dnsmasq.
Suggested by @Rich700000000000 in StreisandEffect/streisand#272