Why aren't you using DNS over HTTPS user? Open Firefox Go to about:config Set...

James Allen

Why aren't you using DNS over HTTPS user?
Open Firefox
Go to about:config
Set network.trr.mode to 3
Set network.trr.uri to doh.appliedprivacy.net/query

Congrats, you are now safe from your ISP

Daniel Moore

Oh and if you want it at the system level install github.com/dimkr/nss-tls

Matthew Richardson

But user, I don't have anything to hide from my isp.

Ryan Morgan

Because I'd want it implemented at my router so I still can sinkhole shit I wouldn't want.

Grayson Turner

Everyone has something to hide user

Cameron Sanchez

Damn, you didn't fall for my trap. Yeah, you're right.

Jason Foster

network.trr
no results

Aaron Roberts

why are you not using an insanely overcomplicated turd for barely any benefit
oh you have to configure it to not send everything to cuckflare by default btw
Yeah I wonder.

Brayden Stewart

It's DNSCrypt's fat, retarded cousin.

Hunter Stewart

DNS over HTTPS is the love child of 2 secret service branches of the US government. Thankfully, since I run a dark theme on my browser, I could see your post glowing before I even read it.

If you want non-CIAnigger DNS encryption use dnscrypt on a system level. I recommend dnscrypt, which is written in C, and implements dnscrypt. Make sure to disable DoH since it also implements that.

Easton Reyes

dnscrypt-proxy which is written in C*

Jonathan Foster

>Why aren't you using DNS over HTTPS user?
because it's fucking retarded
>Congrats, you are now safe from your ISP
no, you aren't (and I already was) and this is exactly why it's retarded

Anthony Fisher

Cause there's literally no upsides to it over dnscrypt.

Luke Gomez

Update your Firefox

Kevin Thompson

dnscrypt-proxy is written in golang nowadays and finally supports basic shit like fallback servers.

Ayden Roberts

>dnscrypt-proxy is written in golang nowadays
Fucking hell, guess it's time to uninstall. Another lost project.

Leo Perry

tbh i got a headache trying to set up dnscrypt then just gave up.
This is because i assumed i had to specify a dns server to use, so i wanted to use opennic. But funny fucking thing is. It never used opennic even though i had it set in /etc/conf.d/dnscrypt-proxy like it asked.
But the weird fucking thing was even without it using my dns, it was still working? a quick check on netstat showed me it was connecting to other dns servers like 9.9.9.9 or 1.1.1.1. Now, i know the aforementioned ip, and identified it immediately as cuckflare.
And since i couldn't figure out how to get the fucker to stop connecting to these shitty resolvers, i decided to just fucking uninstall it.
There's no fucking way i'll use cuckflare, no way no ever.
Trying to search for a reason as to why it's doing this also gives me fuckall. Except i also found that there seems to be another config file? Which apparently has a lot of predefined shit in it "etc/dnscrypt-proxy/dnscrypt-proxy.toml" so i decided to comment all that shit out. It still connects to all those dns servers i don't want.
Seriously, at this point i don't know fucking how to configure this shitter or where the configs actually are.

Christian Wood

I didn't know about 9.9.9.9, but I block a few of those in my pf.conf, just to be sure.

botnet_dns = "{ 8.8.8.8, 8.8.4.4, 1.1.1.1, 1.0.0.1 }"
block out on egress inet proto { tcp, udp } from any to $botnet_dns port 53

It's nice that they use consistent IP address patterns. We should check anything that resembles those.

Jordan Ward

I just want to encrypt the connection between me and a single dns server, why does this need all these settings? Resolv.conf is simple and straight to the point, every configuration i've ever seen for dnscrypt is confusing as fuck.
>pf.conf
Where's that?
Why do i need to block something if i'm going to manually tell it what server i want anyway?
>i didn't know about 9.9.9.9
It's quad9 dns, for me it was set as the default fallback in that .toml config i was talking about. I thought disabling any fallback would stop the connections but it didn't.
At this point i just want to see no url resolved when using dnscrypt so i can manually add my own resolver.
This would help in the case that i would maybe create my own dns server in the future.

Do you happen to know any good guides to dnscrypt that is ass backwards or inconsistent with other guides? arch wiki has a shit guide, install gentoo wiki had a good guide but didn't work, and gentoo has no guide whatsoever. using gentoo if that helps

Jaxson Stewart

isn't*

Eli Price

Because it's slow and nowadays I'm more preoccupied with performance than privacy
I used to have all those addons from privacy guides, today I only use uBlock and a cookie auto deleter, that's more than enough and it also helps with performance

Nathaniel Cook

pf.conf is the packet filter config for OpenBSD and NetBSD (and any others that use pf). So that's how I block those DNS: at the firewall. You can probably do the same with iptables in Linux.
I never used dnscrypt, and it sounds a bit complicated, not sure it's worth my trouble. I'm more likely to do something altogether different, like for example increasing my local resolver (unbound) cache TTL, and storing a DB of all resolved hostnames, and notifying me if something changes. That way I can go back to using host files, basically. ^_^

Jeremiah Barnes

To lose muh XUL extensions? Kek

Aiden Lopez

Because I'm using DNS over TLS instead.

Brody Morales

You only lose your XUL extensions when you upgrade Firefox and also refuse to upgrade your XUL extensions. You have always had the power to do this, you simply refuse to make the investment.

Levi Gray

Why can’t I use a VPN?

Evan Thomas

rtfm
dnscrypt comes working out of the box, all you really have to do is disable the cianigger DoH and make sure you're using the local server.

Mason Adams

iptables isn't that nice. you have to reconfigure it manually after every reboot. sure you can make scripts do it but on openbsd there's a nice config file

Jordan Hall

>disable DoH
I'll look into this.
Also, can someone explain to me why install gentoo wiki says to add new servers in a syntax that looks like this:
/etc/conf.d/dnscrypt-proxy

DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALPORT=40
DNSCRYPT_USER=dnscrypt

DNSCRYPT_PROVIDER_NAME=
DNSCRYPT_PROVIDER_KEY=
DNSCRYPT_RESOLVERIP=
DNSCRYPT_OPTIONS="--edns-payload-size=4096"

DNSCRYPT_RESOLVERPORT=443

And dnscrypt's wiki on github says to add servers like so:

server_names = ['server_i_want']

[static]
[static.'server_i_want']
stamp = 'sdns://SOME LONG STRING OF CONFUSING SHIT'

What the fuck is this stamp shit? why is the syntax so fucking retarded, why doesn't it work even when i go through all the trouble of doing it? WHY DOES NONE OF THESE WORK DESPITE BEING THE METHOD ON THE WIKIS?!?!
What fuck nigger made this shit.
I mean, the one on the install gentoo wiki made some sense but this .toml looks fucking barbaric.
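Added example, not part of any post in this thread and not dnscrypt-proxy's own code: an `sdns://` stamp for a DNSCrypt server is the resolver address, the 32-byte provider public key and the provider name (the same three values the older DNSCRYPT_RESOLVERIP, DNSCRYPT_PROVIDER_KEY and DNSCRYPT_PROVIDER_NAME settings held) plus a flags field, packed and base64url-encoded. The function names and the sample resolver values below are assumptions made up for illustration.

```python
import base64
import struct

# Property bits carried in the stamp's 64-bit flags field.
PROPS = {1: "dnssec", 2: "nolog", 4: "nofilter"}


def _lp(buf, pos):
    """Read one length-prefixed field (1 length byte, then the data)."""
    end = pos + 1 + buf[pos] if pos < len(buf) else len(buf) + 1
    if end > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:end], end


def encode_dnscrypt_stamp(addr, pubkey, provider, props=0):
    """Pack resolver address, 32-byte public key and provider name."""
    body = b"\x01" + struct.pack("<Q", props)  # 0x01 = DNSCrypt protocol
    for field in (addr.encode(), pubkey, provider.encode()):
        body += bytes([len(field)]) + field
    return "sdns://" + base64.urlsafe_b64encode(body).decode().rstrip("=")


def decode_dnscrypt_stamp(stamp):
    """Unpack a DNSCrypt stamp; reject other protocols and bad lengths."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != 0x01:
        raise ValueError("not a DNSCrypt stamp")
    (bits,) = struct.unpack_from("<Q", raw, 1)
    addr, pos = _lp(raw, 9)
    pubkey, pos = _lp(raw, pos)
    provider, pos = _lp(raw, pos)
    if len(pubkey) != 32 or pos != len(raw):
        raise ValueError("malformed stamp")
    return {
        "address": addr.decode(),
        "public_key": pubkey.hex(),
        "provider_name": provider.decode(),
        "properties": sorted(n for b, n in PROPS.items() if bits & b),
    }


# Constructed sample (documentation IP range, dummy key), not a real resolver.
SAMPLE = encode_dnscrypt_stamp("192.0.2.53:443", bytes(range(32)),
                               "2.dnscrypt-cert.example.org", props=2 | 4)

if __name__ == "__main__":
    print(SAMPLE)
    print(decode_dnscrypt_stamp(SAMPLE))
```

Decoding a stamp before pasting it under `[static]` shows exactly which IP and key the proxy will be pinned to.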

Matthew Watson

bending over and accepting purposely handicapped extensions framework up the ass.
How about no? Followed by Waterfox or Palemoon.

Benjamin Morales

Isn't the problem with DoH that all the people you are _actually_ trying to evade, like Cloudflare and Google are still tracking you? As alluded to here: Which begs the questions mentioned here:

Personally, I think DoH might be getting media attention because Google is trying to increase the market value of its own surveillance data by eliminating competitors (ISPs). Can anyone recommend any DNS services which are based and/or redpilled?

Isaac Powell

>Can anyone recommend any DNS services which are based and/or redpilled
opennic

Dominic Adams

muh privacy through dns over https

A bridge/tunnel (some sort of relay) or bust. There is no point to having DNS over HTTPS without one. All you would be doing is trading little to no privacy with slightly slower performance. If you are sending your requests without it being encrypted and rerouted your ISP will still see which addresses you are connecting to and will still archive (metadata or raw) and correlate it, especially if they are a big ISP and more so if private 3rd parties (advertisers) or Law Enf. get involved. You either cross your fingers and get a glow nigger VPN, use a mixnet or get a secure relay of some kind.

Protection from MitM or other similar attacks is the only benefit I could see to using it on normie net.

Dominic Miller

it hides quite well if you are an average tard that browses sites that are behind cloudflare or similar. there, thousands of sites share the ips and you can't access any specific site directly with the ip that you get from a dns query. all they will know then is that someone accessed the cloudflare network.

Easton Robinson

This is the right way to do it.

This is the wrong way. Browsers have no business maintaining an opinion on how DNS should be resolved.

Joshua Thomas

Doesn't that default to (((cloudflare))) as DNS?

>browses sites that are behind cloudflare
No thanks.

Connor Sanders

Yes, except I showed you how to change the default

Matthew Reyes

Nope. TLS/SSL handshake includes the site-specific cert being transmitted in plain text.
There's a TLS extension that first negotiates encryption with whatever the fuck that kind of service is called, and then once talks are already encrypted the cert download with the site the person is actually visiting exchanges information is already encrypted.

Jack Jones

I don't understand how you niggers can be this retarded.
Here's a demo config I made just now using the config that came with the package and it Just Works™ (uses only the OpenNIC servers):

server_names = [
'fvz-anyone',
'fvz-anytwo',
'opennic-famicoman',
'opennic-luggs',
'opennic-luggs2',
'opennic-onic',
'opennic-tumabox',
'publicarray-au',
'publicarray-au-doh'
]

listen_addresses = ['127.0.0.1:53']

max_clients = 250

user_name = 'dnscrypt_proxy'

ipv4_servers = true
ipv6_servers = true
dnscrypt_servers = true
doh_servers = false

require_dnssec = false
require_nolog = true
require_nofilter = true

force_tcp = false

timeout = 2500

keepalive = 30

use_syslog = true

cert_refresh_delay = 240

tls_disable_session_tickets = true

fallback_resolver = '1.1.1.1:53'

ignore_system_dns = true

netprobe_timeout = 30

log_files_max_size = 1
log_files_max_age = 1
log_files_max_backups = 1

block_ipv6 = false

cache = true
cache_size = 1024
cache_min_ttl = 600
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600

[query_log]
format = 'tsv'

[nx_log]
format = 'tsv'

[blacklist]

[ip_blacklist]

[whitelist]

[schedules]

[sources]
[sources.'public']
urls = [
'https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md',
'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
]
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'dnscrypt-proxy.public.md'

[sources.'opennic']
urls = [
'https://download.dnscrypt.info/dnscrypt-resolvers/v2/opennic.md',
'https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md',
'https://evilvibes.com/list/opennic.md'
]
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'dnscrypt-proxy.opennic.md'

[static]

Jason Cruz

>sources
>raw.githubusercontent.com
Are you fucking with me?

Tyler King

>config that came with the package and it Just Works
same here, but it's also connecting to (((cloudflare))) so fuck you.

Chase Fisher

That config is retarded, why can't i just specify an ip to use and the public key and be over with it?
Why do i have to direct it towards fucking (((github))) in order for it to work? What the fuck is a url doing in a dns resolver config?
DNScrypt is shit, all it needs to do is decrypt the incoming shit from x ip and send that to resolv.conf. why you have to have such an ass backwards and confusing system that will only ruin security by relying on google, cloudflare, microsoft, github and other centralized systems is beyond me.

Nicholas Anderson

>golang
So there was a rewrite?
I guess that would explain why the syntax went to shit...

Jaxon Phillips

>Set network.trr.mode to 3
>Set network.trr.uri to doh.appliedprivacy.net/query
firefox stopped loading pages with those settings. set back to 0, but kept new web address you listed and it worked fine

what was the original web address in the 2nd part?

Ethan Taylor

If you simply went out and machinegunned your enemies, you wouldn't have to worry about annoyances like this. Sage for yet another boring privacy thread.