john_dud

Member
Regulars
#31
If you configure dnscrypt-proxy you can still use non excitel dns. I've configured it on my windows desktop & linux laptop and it works well.
 
#32
Problem with the approach however is that regular DNS servers don't work with dnscrypt. And, as far as I know, there is not a single dnscrypt server available in India. Also, secondary server is not supported at the moment. So this could, at times, be problematic to some I guess.

I'm happy with it though. Installed straight into my router instead of each device individually and it works great.
 

john_dud

Member
Regulars
#33
I don't seem to be experiencing any problems on this approach, would you elaborate a bit? And both google dns and opendns use anycast so that you get best performance.
 


#34
@john_dud well, first of all, dnscrypt absolutely does not support Google DNS. I'm not sure why you mentioned that. Also, the regular (208.67.222.222) OpenDNS server is not supported either. Only the ones that are listed here. And yes OpenDNS does use AnyCast but I don't really like their logging policy. So I only stick with one of the DNSCrypt or d0wn servers.
 
Last edited:

john_dud

Member
Regulars
#35
Google dns was an example I know they don't support dnscrypt. You could use adguard dns, they have no logging or opennic dns as they have dns server in India and have no logging.
 
Last edited:
#36
Yeah those Adguard servers are new. Hadn't seen before. I will consider switching to one of them. But another reason I usually preferred DNSCrypt servers is because of the DNSSEC validation. And for my usage, their European servers have mostly worked fine. Will consider Adguard or OpenNIC if it ever becomes too problematic.
 


john_dud

Member
Regulars
#37
Generally any service in Germany & Netherlands region works well for me, better than anything in US region anyway. And I think you'd want to stay away from adguard dns servers as my dnsleaktest revealed yandex & opendns servers behind their setup.
 

john_dud

Member
Regulars
#39
It seems Google DNS does support dnssec
Does Google Public DNS support the DNSSEC protocol?
Yes. Google Public DNS is a validating, security-aware resolver. All responses from DNSSEC signed zones are validated unless clients explicitly set the CD flag in DNS requests to disable the validation.

Source:
Code:
https://developers.google.com/speed/public-dns/faq