DNSCrypt ports?

Discussion in 'privacy problems' started by J_Whacka, Jun 10, 2014.

Thread Status:
Not open for further replies.
  1. J_Whacka

    J_Whacka Registered Member

    Joined:
    May 30, 2014
    Posts:
    13
    Hi, does anyone know which ports DNSCrypt uses? I've seen some posts but they're kind of old. I use Win7 Firewall Block IN/OUT. I have set UDP 443 out for dnscrypt-proxy.exe and added the OpenDNS IPs to scope. I removed Dnscache and just have DNSCrypt in my outbound rules now, but I'm unsure if I need to add 53 also or even a TCP rule.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    DNSCrypt will listen to local machine DNS requests on port 53 and will transmit them to the external DNS server via port 443.
     
  3. J_Whacka

    J_Whacka Registered Member

    Joined:
    May 30, 2014
    Posts:
    13
    Thanks funky, so I guess making an outbound rule with remote port 443 is correct, and hardening it with the OpenDNS IPs in scope.

    Also, because I'm using DNSCrypt, would it work or be safe to disable the Dnscache service? I have removed my firewall rule for Dnscache UDP 53 and have DNSCrypt, so I'm not sure if the service is needed, because before I used DNSCrypt disabling the service wouldn't give me net access.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    There is no right or wrong when it comes to disabling the DNS service. It's up to you what you think might be more of a threat to you in future.

    If you don't trust the apps on your PC, you might want to disable it to stop the cache being read. However, disabling it will mean you transmit a lookup across the internet every time you visit a domain. Although that lookup is encrypted, what is better than encryption? Not sending a lookup at all.

    Personally I'd rather have a DNS Cache. The less you transmit, the better. Using a cache means only 1 lookup.
     
  5. J_Whacka

    J_Whacka Registered Member

    Joined:
    May 30, 2014
    Posts:
    13
    Ah thanks, guess I will leave it then. Do you need to make a firewall rule for Dnscache port 53, or just allow DNSCrypt and keep Dnscache running as a service with no firewall rule?
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    Depends what your firewall is filtering. If it's filtering local machine connections then you'd need to create a rule. My guess is you don't. Try and see :)
     
  7. J_Whacka

    J_Whacka Registered Member

    Joined:
    May 30, 2014
    Posts:
    13
    Not sure, all works fine; the only problem I have is my firewall log being spammed with:

    DROP 2 192.168.0.1 224.0.0.1 - - 36 - - - - - - - RECEIVE

    I doubt this is DNSCrypt causing this, but all I managed to find out is it's something to do with IPv4 or IGMP. I think it's one of the wireless SKY-HD boxes, because when I checked Wireshark there was something like "who has this ip? tell 192.168.0.1", but it's filling up my logs and I ain't sure how to stop it filling my logs. I have UPnP disabled through the registry key and also have it off in the router. I don't think the SKY-HD wireless box is paired to the router, so that might be the cause, I have no idea. :confused:
     
  8. J_Whacka

    J_Whacka Registered Member

    Joined:
    May 30, 2014
    Posts:
    13
    Never mind, found out it's an IGMP rule. What confused me was the 2 that replaced TCP/UDP; looks like protocol 2 is IGMP, which is safe to block. Wish there was a way to block it filling my logs, but at least I know it's doing its job. Dnscache is running fine with no firewall rule also; I have DNSCrypt in outbound with port 443, as I have Windows 7 Firewall set to block in/outbound. Thanks for the help funky :thumb:
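
The firewall log line from posts 7 and 8, read by a small parser that names the protocol number and collapses repeated drops. This is an added example, not part of the thread; it assumes the standard Windows Firewall log (pfirewall.log) field order, and every sample entry other than the quoted line is constructed.

```python
import ipaddress
from collections import Counter

# Assumed field order: the "#Fields:" header of the Windows Firewall log.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# IANA protocol numbers that can show up as bare numbers in the protocol column.
PROTO_NAMES = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP", "58": "IPv6-ICMP"}

def parse_line(line):
    """Return a dict for one log entry, or None for comment, blank or odd lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) == len(FIELDS) - 2:      # date/time trimmed off, as in the post
        parts = ["-", "-"] + parts
    if len(parts) != len(FIELDS):
        return None
    entry = dict(zip(FIELDS, parts))
    entry["protocol"] = PROTO_NAMES.get(entry["protocol"], entry["protocol"])
    return entry

def is_multicast(addr):
    try:
        return ipaddress.ip_address(addr).is_multicast
    except ValueError:
        return False

def summarize_drops(lines):
    """Count DROP entries per (protocol, src, dst, dst-is-multicast)."""
    counts = Counter()
    for line in lines:
        e = parse_line(line)
        if e and e["action"] == "DROP":
            counts[(e["protocol"], e["src-ip"], e["dst-ip"], is_multicast(e["dst-ip"]))] += 1
    return counts

# Constructed sample: the first entry is the line quoted in the thread; the
# dated entries are made up and use documentation address ranges.
SAMPLE = """#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
DROP 2 192.168.0.1 224.0.0.1 - - 36 - - - - - - - RECEIVE
2014-06-10 20:01:05 DROP 2 192.168.0.1 224.0.0.1 - - 36 - - - - - - - RECEIVE
2014-06-10 20:01:09 DROP UDP 192.168.0.7 203.0.113.9 50112 53 60 - - - - - - - SEND
2014-06-10 20:01:12 ALLOW UDP 192.168.0.7 198.51.100.4 50113 443 120 - - - - - - - SEND
""".splitlines()

if __name__ == "__main__":
    for key, n in summarize_drops(SAMPLE).most_common():
        print(n, *key)
```

Grouping the drops this way separates the router's IGMP multicast traffic from drops worth a closer look, such as a plain DNS lookup on UDP 53 that is not going through DNSCrypt.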
     