Replies: 1 comment 2 replies
-
dnscrypt-proxy/dnscrypt-proxy/example-dnscrypt-proxy.toml Lines 241 to 256 in de16f22 Read it carefully. Seems you don't get it. Bootstrap resolvers may not be used as you thought.
No user queries will ever be leaked through these resolvers. |
Beta Was this translation helpful? Give feedback.
2 replies
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
-
Based on my interactions with the developer of inviZible, it seems that many do not understand that the bootstrap resolvers are not necessary if you use a stamp that includes the IP address for your server.
By removing/commenting out the bootstrap resolvers line (or setting them to loopback, null, 0.0.0.0, etc.) you can ensure that, even if for some reason you are unable to connect to your chosen resolver, the proxy will fail to connect instead of sending a request on port 53.
While this is a minor improvement in privacy/security, it's still worth mentioning, since on unrooted Android devices for example you cannot block port 53 (especially problematic for WWAN).
So my suggestion is to clarify with something like
'you can comment out this line or set these to an invalid address (e.g. 127.0.0.1:53) if you use a DNS stamp that already contains an IP address'
Beta Was this translation helpful? Give feedback.
All reactions