I'm opposed to having .NET Framework on my PC, so it looks like DNSCrypt is not an option for me. Been looking at AlternateDNS, SafeDNS, DNS.watch, OpenNIC, & DNS Advantage. I'm not finding anything at their sites that claims to provide countermeasure against DNS cache spoofing, poisoning, etc. Are there currently any alternatives to DNSCrypt, able to offer same level of protection against DNS-based attacks?
Your problem is this irrational desire based on nothing (except paranoia?) Anyway, DNSCrypt doesn't use .NET, the "easy GUI's" use it. You can install DNSCrypt itself directly as a service if you enjoy the pain of manually updating and reinstalling it every time a major Windows patch disables the service due to it not being signed.
NET Framework is as dangerous as Powershell. https://securelist.com/blog/research/72417/the-rise-of-net-and-powershell-malware/
Seriously, don't even know what you're doing in this forum - unless you're one of those plants that's never been weeded out.
Yes we should also avoid cars because they kill people. Wake up, nearly everything in life has positive and negative effects. If you want to avoid threats buy a large safety bubble and live in it. For the rest of us, we take rational precautions. Avoiding .NET all together is not one of them, especially when you would sacrifice DNS security to accomplish it.
If you had bothered to look into it, which you obviously didn't, you would know that .NET comes with quite a few exploits....but then you don't know that, because you didn't bother to google it. And yes, most of those exploits can be remedied (or at least lessened) but why would you bother to fix bloatware that takes up so much space, and gives nothing in return, other than allowing one to use various apps that requires it, especially when you can find alternate apps that don't require it? I'd call that irrational. Aside from this, you didn't even take the time to read my post too closely, or you would know that I never said that DNSCrypt requires it...I was referring to its GUI. In short, no GUI, no DNSCrypt for me. Lastly, you didn't even bother to actually answer the actual question that was actually asked, which was about alternatives.
Have you tried SimpleDnsCrypt Get it here https://simplednscrypt.org/ You do need to install Microsoft Visual C++ 2015 for it to work. Is that too much of a security risk?
I'm not sure, but I was under the impression that only installing .NET does not pose any security risks. The security risks come from running programs that use .NET, so in this case only DNScrypt would be vulnerable to .NET exploits. Using DNScrypt without a GUI is not that hard btw: https://github.com/jedisct1/dnscrypt-proxy/blob/master/README-WINDOWS.markdown Is this limited to Win10? I've never noticed it. Those are DNS providers. If they use DNSSEC it helps with some DNS attacks, but their advantage is mosly limited to familiy/malware filters. DNSCrypt is a tool to encrypt the DNS queries between you and your provider if the provider supports it.
Well, the security exploits look reasonable: https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-3847/Microsoft-Visual-C-.html and the file size of 13.9MB is definitely not bloatware. At first glance it looks okay, but unless I'm misreading your link, it appears to also require .NET: Requirements This software targets .NET 4.5. It also requires Visual C++ Redistributable for Visual Studio 2015 x86.
Regarding .NET exploits, here's a good place to start: https://www.cvedetails.com/vulnerab...product_id-2002/Microsoft-.net-Framework.html Google searches will uncover lots more, although exploits are only part of what I don't like about .NET, as I am equally opposed to bloatware, and with a file size of 600MB to 2GB (depending on who you ask), it definitely qualifies. Yes, I know they are DNS providers, and as such, are only substitutes for OpenDNS. Finding alternatives to DNSCrypt is not so easy, which is the reason for my post.
From that link Of course they can, and so can the VPN provider's DNS too when we use it. There's nothing new there. Anyone can log anything despite what they say. Suppose I host a DNSCrypt server, and then use it, even if I don't log myself, my provider might be logging the queries. If they don't, their provider could do too. The author should rephrase the title as "DNSCrypt Reduces Privacy Compared to VPNs/Tor". But DNSCrypt is obviously better than using unencrypted. I would rather prefer using DNSCrypt, when I am not using VPN, or I need to have my "real" IP for something like shopping online, banking etc. SNI isn't used for most of the sites, so I am not worried about leaking the hostnames. As for @Uitlander, you might want to look at SSL-DNS. It worked on Windows 7 few years ago, on my computer. Their website SSL cert is expired so you will be getting an error when you check that page, just do a temporary exception.
I agree. This blog post is rather stupid, IMHO. Besides, I don't regard dnscrypt-proxy not so much as a privacy but rather a security tool as it prevents DNS spoofing. That's the key point.
I'll need to study your link more, but at first glance it looks just as complicated as using DNSCrypt, without the GUI (that requires the gawd-awful .NET).
I would suspect there must be an alternative to prevent DNS spoofing that does not require bloatware like .NET, or Linuxean command-line acrobatics...although I'll admit I have yet to find anything, nor has anyone else it seems.