#dnscrypt — Public Fediverse posts

Habe gerade #inviziblepro für mich entdeckt. Was für eine geile #APP ist das denn bitte !? 😶
#Vpn
Schützt dich mit #dnscrypt
Verschleiert die IP via #tornetzwerk
#i2pnetzwerk Zugang
Kein Datenvolumen limit in der #F-droid Variante !

Habe gerade #inviziblepro für mich entdeckt. Was für eine geile #APP ist das denn bitte !? 😶
#Vpn
Schützt dich mit #dnscrypt
Verschleiert die IP via #tornetzwerk
#i2pnetzwerk Zugang
Kein Datenvolumen limit in der #F-droid Variante !

Habe gerade #inviziblepro für mich entdeckt. Was für eine geile #APP ist das denn bitte !? 😶
#Vpn
Schützt dich mit #dnscrypt
Verschleiert die IP via #tornetzwerk
#i2pnetzwerk Zugang
Kein Datenvolumen limit in der #F-droid Variante !

DoH vs DNSCrypt: technical comparison 🔐

**DNSCrypt:**
✅ No insecure bootstrap
✅ No CA dependency
✅ Resistant to CA compromise
✅ Can hide client IP (Anonymized DNSCrypt)
❌ Less common support

**DoH:**
✅ IETF-standardized (RFC 8484)
✅ Port 443 (blends with HTTPS)
✅ Self-hostable
✅ Browser native support
✅ Harder to detect/block
❌ Requires TLS bootstrap

My: self-hosted DoH → Unbound. Zero third parties, encrypted.

#DNS #Privacy #Security #DoH #DNSCrypt #Encryption #FOSS #Networking

LOL, I was trying to figure out why dnscrypt-proxy wouldn't resolve on port 5053. Turns out the ListenStream and ListenDatagram on /usr/lib/systemd/system/dnscrypt-proxy.socket was set to 127.0.2.1#53. I just changed the port to 5053, not seeing the third digit was set to 2, not 0. It took me some minutes to see that !

I was following this guide, pretty easy, but I gotta say that "2" was pretty sneaky, but it's alright now: https://docs.pi-hole.net/guides/dns/dnscrypt-proxy/

#dnscrypt #pihole

We are deprecating #DNSCrypt support.

https://ffmuc.net/services/dns/2026/01/03/dnscrypt-abschaltung/

Maintenance cost (in an Anycast setup) is too high for so little usage that's why we decided to deprecate it.

#DNS

Frank Denis released #dnscrypt-proxy version 2.1.15. https://github.com/DNSCrypt/dnscrypt-proxy

So #OPNsense is driving me a little crazy🤪, with stuff like:
On DnsCrypt‑Proxy when adding stamps, the stamps spec defines to include the sdns:// prefix but unless you tick the help on the right corner of the add overlay, you will not see that OPNsense does not want you to add the sdns:// prefix🤪😠
Wasting my time in trying to fix #DNScrypt

What is making me crazy mad to no end!🤪😠
Is how outdated the OPNsense manual is!!

#Networking #Network #Networks #DNS #Router #Routers #OpenSource #Firewall

What private DNSCrypt or DNS-over-HTTPS services running some foss software do you use?
Preferably owned and hosted in Europe.

#askfedi #dns #dnscrypt #doh #dns_over_https_doh

Frank Denis released #dnscrypt-proxy version 2.1.14. https://github.com/DNSCrypt/dnscrypt-proxy

Frank Denis released #dnscrypt-proxy version 2.1.13. https://github.com/DNSCrypt/dnscrypt-proxy

@hobbyblogging #PiHole (mit #DNSCrypt Verbindung), #NextDNS und #Ghostery zusammen, sorgen bei mir für Ruhe im Internet.
Zu Hause, mobil, bei der Arbeit 🙂
Und mit Private Relay, IPv6 und rotierenden Mac-Adressen, auch schwerer zu anhand der IP zu identifizieren (ja, Apple = böse und so. Mir egal 🤣)

Hapy Juneteenth, folks.
Today we celebrate emancipation and reflect on how freedom extends into our digital lives.
✍️Digital liberation matters too.
Follow Us to find out more.
#juneteenth2025 #OnlineSafety #DigitalFreedom #DNSCrypt

Frank Denis released #dnscrypt-proxy version 2.1.12. https://github.com/DNSCrypt/dnscrypt-proxy

Frank Denis released #dnscrypt-proxy version 2.1.11. https://github.com/DNSCrypt/dnscrypt-proxy

Frank Denis released #dnscrypt-proxy version 2.1.10. https://github.com/DNSCrypt/dnscrypt-proxy

Frank Denis released #dnscrypt-proxy version 2.1.9. https://github.com/DNSCrypt/dnscrypt-proxy

Frank Denis released #dnscrypt-proxy version 2.1.8. https://github.com/DNSCrypt/dnscrypt-proxy

This Weekend's Project:

Dual Raspberry Pi 3s running DNSCrypt-proxy and DNSmasq serving DNS to my home network.

Normal DNS is unencrypted and I don't really trust my ISP's DNS. So I put some old Pi 3s back in service as DNSCrypt servers.

They pull DNS Data from Quad9 (with malware blocking) in encrypted form, and every device on my network gets their DNS served from these two devices.

What a nice project.

(Also I chose not to do Pi-Hole, since blocking ads are done on a device-level for me. Blanket blocking many servers seems to cause unpredictable behaviour.)

#raspberrypi #dnscrypt #networking #dns

Frank Denis released #dnscrypt-proxy version 2.1.7. https://github.com/DNSCrypt/dnscrypt-proxy

Frank Denis released #dnscrypt-proxy version 2.1.6. https://github.com/DNSCrypt/dnscrypt-proxy

If you want to test #DNSCrypt #DoH #DoT the @freifunkMUC servers are happy to take your traffic :).

Ofc researchers or experiments are also welcome.

doh.ffmuc.net - IPv4: 5.1.66.255 / 185.150.99.255 IPv6: 2001:678:e68:f000:: / 2001:678:ed0:f000::

#38c3

@gerowen check out doing recursive dns with pihole and also check out pi alert - sending all syslog verbose to security onion for central logging could be an option or syslog-ng? #514 I would try a yabs (yet another benchmark script) and this will give you a good report. I will try to determine who stops by the r proxies by doing lookups - I probably need to work on my dns setup also #dnscrypt

#DNS is a #privacy minefield. Here's my best shot at charting a safe course through.

New #blog post up now re: combining #AdGuardHome with rotating stable of #DNSCrypt resolvers, with #Tailscale #E2EE over #Mullvad exit nodes, and #Caddy obtaining certificates for #DOH — https://sij.law/dns/

#infosec #selfhosting #debian #linux #hetzner #server #pihole #unbound #macos #ios #DNSOverride #DeepDive #LittleSnitch #Cloudflare #Quad9 #9999

#DNS is a #privacy minefield. Here's my best shot at charting a safe course through.

New #blog post up now re: combining #AdGuardHome with rotating stable of #DNSCrypt resolvers, with #Tailscale #E2EE over #Mullvad exit nodes, and #Caddy obtaining certificates for #DOH — https://sij.law/dns/

#infosec #selfhosting #debian #linux #hetzner #server #pihole #unbound #macos #ios #DNSOverride #DeepDive #LittleSnitch #Cloudflare #Quad9 #9999

#DNS is a #privacy minefield. Here's my best shot at charting a safe course through.

New #blog post up now re: combining #AdGuardHome with rotating stable of #DNSCrypt resolvers, with #Tailscale #E2EE over #Mullvad exit nodes, and #Caddy obtaining certificates for #DOH — https://sij.law/dns/

#infosec #selfhosting #debian #linux #hetzner #server #pihole #unbound #macos #ios #DNSOverride #DeepDive #LittleSnitch #Cloudflare #Quad9 #9999

#DNS is a #privacy minefield. Here's my best shot at charting a safe course through.

New #blog post up now re: combining #AdGuardHome with rotating stable of #DNSCrypt resolvers, with #Tailscale #E2EE over #Mullvad exit nodes, and #Caddy obtaining certificates for #DOH — https://sij.law/dns/

#infosec #selfhosting #debian #linux #hetzner #server #pihole #unbound #macos #ios #DNSOverride #DeepDive #LittleSnitch #Cloudflare #Quad9 #9999

#DNS is a #privacy minefield. Here's my best shot at charting a safe course through.

New #blog post up now re: combining #AdGuardHome with rotating stable of #DNSCrypt resolvers, with #Tailscale #E2EE over #Mullvad exit nodes, and #Caddy obtaining certificates for #DOH — https://sij.law/dns/

#infosec #selfhosting #debian #linux #hetzner #server #pihole #unbound #macos #ios #DNSOverride #DeepDive #LittleSnitch #Cloudflare #Quad9 #9999

@aikensource @cloudflare I use #dnscrypt and dnscrypt-proxy and enable relays, it can take a little while to start when it checks latency but once it's running i've never had any issues. I also front with #unbound to forward specific domains to local nameservers

https://hndrk.blog/tutorial-pi-hole-and-dnscrypt/

i wrote about some time ago how to set up dnscrypt-proxy to use its anonymous dns ability

#dnscrypt #dns #pihole #privacy

So there is this one domain that has like 42 TXT records, and each record is large, so many that it is breaking the #DNSCrypt tool.

Also noticed that #DNSCrypt provides a large amount of binary distributions for #FreeBSD, #OpenBSD, #NetBSD, #DragonFlyBSD, #Solaris, among several other OSs, plus many architecture-specific binaries. That is really nice! Next thing will be deploying it on the beastie server.

Setting up DNSCrypt was easier than anticipated on my Debian machine without systemd-resolved. I really like the binary distribution, which is available as a self-contained directory with the binary and sample configuration. You can run the whole thing from that portable directory and move it around or specify locations on the command line if you wanna spread it.

Also, the gradual and modular approach to the generic Linux installation was a delight to follow, always being reminded to take small and verifiable steps along the way.

For anyone interested, this is it: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux

#DNSCrypt #DNSSEC #DNS #sysadmin #debian #netsec #networksecurity #it

InviZible Pro - Захистіть свій пристрій від небезпечних сайтів, позбудьтеся набридливої реклами та стеження, отримайте доступ до заблокованих ресурсів у вашій країні!

InviZible Pro містить добре відомі модулі DNSCrypt, Tor і Purple I2P. Ці модулі використовуються для досягнення максимальної безпеки, конфіденційності та зручності користування Інтернетом.

InviZible Pro може використовувати root, якщо на вашому пристрої є привілеї root, або використовувати локальну VPN для передачі інтернет-трафіку в мережі Tor, DNSCrypt і I2P.

Особливості:

• Не обовʼязково потрібні root права
• Приховує розташування та IP
• Розблоковує обмежений веб-вміст
• Запобігає відстеженню
• Дозволяє отримати доступ до прихованих мереж
• Виявлення підміни ARP
• Вбудований брандмауер

#android #fdroid #foss #tor #i2p #dns #crypt #dnscrypt #invizible_pro #security #privacy #додаток #приватність #безпека #vpn #root

InviZible Pro
Android application for Internet privacy and security

InviZible Pro combines the strengths of Tor, DNSCrypt, and Purple I2P to provide a comprehensive solution for online privacy, security, and anonymity. You can use them all together or activate only one or two at once.

Download & Guide: https://github.com/Gedsh/InviZible/wiki

#foss #android #OpenSource #Privacy #Security #Tor #dnscrypt #i2p #purplei2p #inviziblepro #root #adblockers #oss #FLOSS

InviZible Pro
Android application for Internet privacy and security

InviZible Pro combines the strengths of Tor, DNSCrypt, and Purple I2P to provide a comprehensive solution for online privacy, security, and anonymity. You can use them all together or activate only one or two at once.

Download & Guide: https://github.com/Gedsh/InviZible/wiki

#foss #android #OpenSource #Privacy #Security #Tor #dnscrypt #i2p #purplei2p #inviziblepro #root #adblockers #oss #FLOSS

InviZible Pro
Android application for Internet privacy and security

InviZible Pro combines the strengths of Tor, DNSCrypt, and Purple I2P to provide a comprehensive solution for online privacy, security, and anonymity. You can use them all together or activate only one or two at once.

Download & Guide: https://github.com/Gedsh/InviZible/wiki

#foss #android #OpenSource #Privacy #Security #Tor #dnscrypt #i2p #purplei2p #inviziblepro #root #adblockers #oss #FLOSS

InviZible Pro
Android application for Internet privacy and security

InviZible Pro combines the strengths of Tor, DNSCrypt, and Purple I2P to provide a comprehensive solution for online privacy, security, and anonymity. You can use them all together or activate only one or two at once.

Download & Guide: https://github.com/Gedsh/InviZible/wiki

#foss #android #OpenSource #Privacy #Security #Tor #dnscrypt #i2p #purplei2p #inviziblepro #root #adblockers #oss #FLOSS

InviZible Pro
Android application for Internet privacy and security

InviZible Pro combines the strengths of Tor, DNSCrypt, and Purple I2P to provide a comprehensive solution for online privacy, security, and anonymity. You can use them all together or activate only one or two at once.

Download & Guide: https://github.com/Gedsh/InviZible/wiki

#foss #android #OpenSource #Privacy #Security #Tor #dnscrypt #i2p #purplei2p #inviziblepro #root #adblockers #oss #FLOSS

Set up #OpenAlias on my #domain. Type it into almost any #Monero wallet (using #monerujo here) and it’ll resolve to my public subaddress, verified by #DNSSEC and requests sent through #DNSCrypt on the client side for #security and #privacy.

This is easy to do for any domain you have full control of with a single #DNS TXT entry. You can also add #BTC, #LTC, and any other #cryptocurrency wallet addresses, although it only has wide adoption for #XMR wallets including the official one. For XMR it’s virtually a universal standard.

Of course relying on centralised authorities isn’t ideal, but it’s a simple open standard and by piggybacking off an already universal standard it’s easy to implement for anyone who has a domain.

Official site: https://openalias.org/

Set up #OpenAlias on my #domain. Type it into almost any #Monero wallet (using #monerujo here) and it’ll resolve to my public subaddress, verified by #DNSSEC and requests sent through #DNSCrypt on the client side for #security and #privacy.

This is easy to do for any domain you have full control of with a single #DNS TXT entry. You can also add #BTC, #LTC, and any other #cryptocurrency wallet addresses, although it only has wide adoption for #XMR wallets including the official one. For XMR it’s virtually a universal standard.

Of course relying on centralised authorities isn’t ideal, but it’s a simple open standard and by piggybacking off an already universal standard it’s easy to implement for anyone who has a domain.

Official site: https://openalias.org/

Set up #OpenAlias on my #domain. Type it into almost any #Monero wallet (using #monerujo here) and it’ll resolve to my public subaddress, verified by #DNSSEC and requests sent through #DNSCrypt on the client side for #security and #privacy.

This is easy to do for any domain you have full control of with a single #DNS TXT entry. You can also add #BTC, #LTC, and any other #cryptocurrency wallet addresses, although it only has wide adoption for #XMR wallets including the official one. For XMR it’s virtually a universal standard.

Of course relying on centralised authorities isn’t ideal, but it’s a simple open standard and by piggybacking off an already universal standard it’s easy to implement for anyone who has a domain.

Official site: https://openalias.org/

Set up #OpenAlias on my #domain. Type it into almost any #Monero wallet (using #monerujo here) and it’ll resolve to my public subaddress, verified by #DNSSEC and requests sent through #DNSCrypt on the client side for #security and #privacy.

This is easy to do for any domain you have full control of with a single #DNS TXT entry. You can also add #BTC, #LTC, and any other #cryptocurrency wallet addresses, although it only has wide adoption for #XMR wallets including the official one. For XMR it’s virtually a universal standard.

Of course relying on centralised authorities isn’t ideal, but it’s a simple open standard and by piggybacking off an already universal standard it’s easy to implement for anyone who has a domain.

Official site: https://openalias.org/

Set up #OpenAlias on my #domain. Type it into almost any #Monero wallet (using #monerujo here) and it’ll resolve to my public subaddress, verified by #DNSSEC and requests sent through #DNSCrypt on the client side for #security and #privacy.

This is easy to do for any domain you have full control of with a single #DNS TXT entry. You can also add #BTC, #LTC, and any other #cryptocurrency wallet addresses, although it only has wide adoption for #XMR wallets including the official one. For XMR it’s virtually a universal standard.

Of course relying on centralised authorities isn’t ideal, but it’s a simple open standard and by piggybacking off an already universal standard it’s easy to implement for anyone who has a domain.

Official site: https://openalias.org/

I've seen some pretty nifty #homelab network maps on here, I need to get around to making something like that.

I'm kind of addicted to spinning up and hosting cool and useful services in #Docker at home (and/or on a #VPS).

Here are a few of them I use on a regular basis:

• #AudioBookshelf (audiobook server)
• #BoringProxy (reverse proxy and tunnel manager)
• #CalibreWeb (ebook server)
• #croc relay (file transfer utility)
• #EternalJukebox (your favorite song ∞)
• #glauth (LDAP server with 2FA)
• #MIMIC3 (TTS engine)
• #mirotalk (WebRTC video conferencing)
• #nitter (Twitter frontend/proxy)
• #Photoprism (photo gallery)
• #pihole with #dnscrypt (DNS-based adblocker)
• #Plex (media server)
• #PodGrab (podcast server)
• #PretendYoureXyzzy (Cards Against Humanity clone)
• #StepCA (certificate authority)
• #TransmissionOpenVPN (Transmission torrent client and OpenVPN in Docker)
• #UptimeKuma (service monitoring tool)
• #VaultWarden (BitWarden-compatible server)
• #WireGuard (VPN)

Anything super nifty y'all think I'm missing?

I've seen some pretty nifty #homelab network maps on here, I need to get around to making something like that.

I'm kind of addicted to spinning up and hosting cool and useful services in #Docker at home (and/or on a #VPS).

Here are a few of them I use on a regular basis:

• #AudioBookshelf (audiobook server)
• #BoringProxy (reverse proxy and tunnel manager)
• #CalibreWeb (ebook server)
• #croc relay (file transfer utility)
• #EternalJukebox (your favorite song ∞)
• #glauth (LDAP server with 2FA)
• #MIMIC3 (TTS engine)
• #mirotalk (WebRTC video conferencing)
• #nitter (Twitter frontend/proxy)
• #Photoprism (photo gallery)
• #pihole with #dnscrypt (DNS-based adblocker)
• #Plex (media server)
• #PodGrab (podcast server)
• #PretendYoureXyzzy (Cards Against Humanity clone)
• #StepCA (certificate authority)
• #TransmissionOpenVPN (Transmission torrent client and OpenVPN in Docker)
• #UptimeKuma (service monitoring tool)
• #VaultWarden (BitWarden-compatible server)
• #WireGuard (VPN)

Anything super nifty y'all think I'm missing?

I've seen some pretty nifty #homelab network maps on here, I need to get around to making something like that.

I'm kind of addicted to spinning up and hosting cool and useful services in #Docker at home (and/or on a #VPS).

Here are a few of them I use on a regular basis:

• #AudioBookshelf (audiobook server)
• #BoringProxy (reverse proxy and tunnel manager)
• #CalibreWeb (ebook server)
• #croc relay (file transfer utility)
• #EternalJukebox (your favorite song ∞)
• #glauth (LDAP server with 2FA)
• #MIMIC3 (TTS engine)
• #mirotalk (WebRTC video conferencing)
• #nitter (Twitter frontend/proxy)
• #Photoprism (photo gallery)
• #pihole with #dnscrypt (DNS-based adblocker)
• #Plex (media server)
• #PodGrab (podcast server)
• #PretendYoureXyzzy (Cards Against Humanity clone)
• #StepCA (certificate authority)
• #TransmissionOpenVPN (Transmission torrent client and OpenVPN in Docker)
• #UptimeKuma (service monitoring tool)
• #VaultWarden (BitWarden-compatible server)
• #WireGuard (VPN)

Anything super nifty y'all think I'm missing?

I've seen some pretty nifty #homelab network maps on here, I need to get around to making something like that.

I'm kind of addicted to spinning up and hosting cool and useful services in #Docker at home (and/or on a #VPS).

Here are a few of them I use on a regular basis:

• #AudioBookshelf (audiobook server)
• #BoringProxy (reverse proxy and tunnel manager)
• #CalibreWeb (ebook server)
• #croc relay (file transfer utility)
• #EternalJukebox (your favorite song ∞)
• #glauth (LDAP server with 2FA)
• #MIMIC3 (TTS engine)
• #mirotalk (WebRTC video conferencing)
• #nitter (Twitter frontend/proxy)
• #Photoprism (photo gallery)
• #pihole with #dnscrypt (DNS-based adblocker)
• #Plex (media server)
• #PodGrab (podcast server)
• #PretendYoureXyzzy (Cards Against Humanity clone)
• #StepCA (certificate authority)
• #TransmissionOpenVPN (Transmission torrent client and OpenVPN in Docker)
• #UptimeKuma (service monitoring tool)
• #VaultWarden (BitWarden-compatible server)
• #WireGuard (VPN)

Anything super nifty y'all think I'm missing?

I've seen some pretty nifty #homelab network maps on here, I need to get around to making something like that.

I'm kind of addicted to spinning up and hosting cool and useful services in #Docker at home (and/or on a #VPS).

Here are a few of them I use on a regular basis:

• #AudioBookshelf (audiobook server)
• #BoringProxy (reverse proxy and tunnel manager)
• #CalibreWeb (ebook server)
• #croc relay (file transfer utility)
• #EternalJukebox (your favorite song ∞)
• #glauth (LDAP server with 2FA)
• #MIMIC3 (TTS engine)
• #mirotalk (WebRTC video conferencing)
• #nitter (Twitter frontend/proxy)
• #Photoprism (photo gallery)
• #pihole with #dnscrypt (DNS-based adblocker)
• #Plex (media server)
• #PodGrab (podcast server)
• #PretendYoureXyzzy (Cards Against Humanity clone)
• #StepCA (certificate authority)
• #TransmissionOpenVPN (Transmission torrent client and OpenVPN in Docker)
• #UptimeKuma (service monitoring tool)
• #VaultWarden (BitWarden-compatible server)
• #WireGuard (VPN)

Anything super nifty y'all think I'm missing?