OpenDNS DNSCrypt updated (proxy version)

Discussion in 'privacy technology' started by m00nbl00d, Jul 27, 2012.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Source: -https://github.com/opendns/dnscrypt-proxy/blob/2ac78d99a3ba9c113bc7146284dc159d4eda0949/NEWS
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Nothing really important from what I see. Maybe now they can remove the random pointless service the GUI installs and have the proxy run and controlled directly by the GUI application which was last touched over 2 months ago. I'll stick to v1 for now.
     
  3. jedisct1

    jedisct1 Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    39
    Location:
    San Francisco, CA
    Buggy (for now) but not pointless.

    A lot of wifi hotspots are blocking or redirecting all your traffic until you accept their TOS, watch some stupid video or fill a survey. DNS is blocked as well, and in particular, encrypted DNS queries are not redirected to the captive portal, they are usually just dropped.
    Like, if you use Starbucks wifi, you have to change the DNS settings to DHCP, pass the Starbucks captive portal, and only then you can switch back to 127.0.0.1 in order to use dnscrypt again.

    The user interface tries to do that automatically. It's not super reliable right now, but coping with these captive portals is really not trivial. And actually, the Windows GUI does a pretty good job compared to the Mac GUI. And Noxwizard's GUI doesn't try to do it at all.

    The source code of the official Windows GUI is on Github. Feel free to fork it and improve it. Pull requests are more than welcome.
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Actually that's the sole reason I haven't installed it on other peoples laptops (the less technical) and also thought it pointless on phones. As switching between the IPs manually is too much for average Joe.

    You're talking about fallback mode here yeah? (The thread was originally about running as a service, or is the service the GUI installs currently what handles fallback mode? If it is, maybe it should be part of the proxy with a flag to enable checking?) I actually didn't think of fallback mode being adaptive for public wifi situations. So if I instal DNSCrypt on laptops and enable fallback mode the user will be able to login/register to the wifi and after that DNSCrypt will take over again?
     
    Last edited: Jul 28, 2012
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    It's actually funny. From time to time, my ISP stops Internet traffic and redirects clients to one of their pages where they advertise their other services, so that we upgrade to a better one. Recently, they started to drop DNS queries. The only way to be able to get my connection back is to actually say "No" or upgrade to whatever service they want me to upgrade to; but, I can only do this step if I disconnect and reconnect with their own DNS service. :(

    Who*** :ouch:
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Lol, if my ISP would start doing this, I would immediately cancel my subscription and go to another ISP.
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    You could do this with a batch file.
     
  8. jedisct1

    jedisct1 Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    39
    Location:
    San Francisco, CA
    Wow. Does that even happen when you're using dnscrypt (not on port 53)?

    But yeah, seriously, you'd better cancel your subscription. This is totally insane.
     
  9. jedisct1

    jedisct1 Registered Member

    Joined:
    Jul 7, 2012
    Posts:
    39
    Location:
    San Francisco, CA
    Sadly, even a simple on/off button would be a pain in the ass for a lot of users.

    The fallback thing is handled by a service the GUI installs.

    The proxy doesn't do that and will never do. Silently disabling the security just because a packet didn't get a reply would make useless.

    A fallback mechanism should probably be tightly coupled with the UI anyway. Like, before disabling dnscrypt, always ask the user. "Looks like you just connected to a new Wifi network, and their router is currently blocking everything except their captive portal. Would you like to temporarily disable dnscrypt so that you can enjoy commercials/give your credit card number/accept terms of service you didn't read just to eventually be able to connect?"
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    As I previously mentioned, I do have to reconnect using their own DNS, which means that dnscrypt gets disabled. So yes, it happens when I'm using dnscrypt over 443 UDP, which is to where the recent versions default to.

    Unfortunately, insanely or not, they're far from being the worst ISP. Others, like Vodafone, are worse. Vodafone actually restores Internet speed, once their traffic limit ends, ~ 3 weeks after a new month has begun, according to some of my friends and relatives who are their clients. o_O The one I'm using is actually decent in that aspect. I actually still get a nice speed, which is adequate for Internet use, I'd say... Not to mention the speed is restore in the first day of the new month. The only downside are the commercials.

    Any ISP/other kind of service will always try to get us into buying something better... so... :D
     
  11. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Thanks for elaborating! Not sure a popup would be the best thing, not that I can think of anything better.
     
Loading...
Thread Status:
Not open for further replies.