Hi everyone,
I have been using cloudflared for DNS-over-HTTPS for the past 5 years and it’s been working pretty well. One of the reasons for using it was that my ISP was hijacking my DNS queries and changing them to their own DNS server.
However, I saw this news where the proxy-dns feature in cloudflared is being closed and they are asking customers to shift to their WARP client instead.
I want to know what the community is using for encrypted DNS services (DoH, DoT, DoQ).
Thanks :)
I’ve been using Quad9 DoH for a few months now. Very happy with it so far.
AdGuard’s dnsproxy should fill the bill.
dnsproxy seems really good.
I’m checking their docker release (https://github.com/axeleroy/dnsproxy-docker/)
they have an official build too: https://hub.docker.com/r/adguard/dnsproxy
Another approach would be setting up your own recursive resolver with e.g. Unbound. It’s debatable whether it’s more or less private than using DoH etc. but it would bypass the DNS tampering by your ISP at the least.
“but it would bypass the DNS tampering by your ISP at the least”
I doubt it because I could see that my ISP is doing a MITM attack on my DNS queries. Encryption is the only way.
“they are asking customers to shift to their WARP client instead.”
I just use WARP, and just send plain text DNS over it to 1.1.1.1. I believe this is superior to DoT or DoH, because the client doesn’t have to do any sort of handshake for each request and everything still goes over UDP while still being encrypted. If it’s set up correctly, one.one.one.one/help will say you’re using DNS over WARP.
Actually I’ve got a weird setup where I’ve converted the WARP client to a WireGuard profile and I run it on my router, but only route 1.1.1.2 and 1.0.0.2 through WARP. That way I can still traceroute 1.1.1.1 while debugging my network.





