• achsonaja@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    How so? I’m using unbound locally for recursive DNS, but I’ll checkout what DNSCrypt adds since it seems like local encrypted DNS to the recursive servers.

    Wouldn’t ECH still work with this setup and this setup be more secure since you’re not handing off your DNS requests to some other company?

    • Bitrot@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      It would work, except Firefox is configured to not use ECH if it is not using DoH. I updated my original reply after testing it out. Hopefully they update this behavior in the future, it is very user-hostile right now.

    • taladar
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Basically DNSCrypt is designed to hide your IP from the DNS server and your DNS query from your ISP. Basically it relays your DNS query via one server which knows your IP but only sees and encrypted version of your query and response and one server which knows your query but not your IP. Obviously you want both servers to be run by two different organizations.