Talk:DNSCrypt

Refs
User:2a01:e34:ec2d:b010:2041:cc56:1f8:992e As the only ref has been removed, saving this here How to Boost Your Internet Security with DNSCrypt. The fact that it's old and may be outdated is one thing, but currently the article has no refs so best to establish WP:N with something. Widefox ; talk 10:38, 29 January 2016 (UTC)

Main and Deployment sections
Added some more details on the protocol, its use, capabilities and deployment. Some links attached. Catwilmore (talk) 11:00, 11 September 2017 (UTC)

Should the words end-to-end security be replaced with End-to-end encryption (E2EE)?
The opening section states it doesn't provide end-to-end security. With these exact words. What is meant by end-to-end security? Should the words end-to-end security be replaced with End-to-end encryption (E2EE)? 176.12.186.116 (talk) 05:13, 9 July 2023 (UTC)


 * Good question! Right now the statement is Though it doesn't provide end-to-end security, it protects the local network against man-in-the-middle attacks, with a reference to the GitHub proxy software page. There are one obvious issue: the proxy page has no mention of neither MITM nor "end-to-end security". That means the sentence can just be removed, but maybe we can salvage some meaning and get a better source.
 * Now let's guess at what the big words mean, specifically which the "ends" were meant to be. Does DNSCrypt prevent MITM? Yes, but only for the part between the user and the recursive resolver (OpenDNS, Quad9, whoever). So maybe "end-to-end" refers to "from the user all the way to the authoritative nameserver" or something to that effect.
 * Or we could ask the person who wrote it: Special:Diff/800074000. User:Catwilmore, uhhhhh any words on what you mean? Artoria2e5 🌉 03:14, 19 January 2024 (UTC)
 * Hmm... there seems to be no official mention of a MITM anywhere in the DNSCrypt documentation, even though it's obvious that the encryption and authentication is there to prevent eavesdropping and tampering (neither word is found in official documentation either, as far as DuckDuckGo says). Guess it's time to exercise some terrible "sourcing liberties". Artoria2e5 🌉 03:21, 19 January 2024 (UTC)

Listing dnscrypt port as 53 vs 443
A user recently changed text to indicate that dnscrypt uses port 53 and not 443 (it has been reverted). The dnscrypt protocol uses port 443. The confusion may have been because a dnscrypt proxy server listens for normal non-encrypted dns queries on port 53. This page is about the dnscrypt protocol, not dnscrypt-proxy or any other software that implements both unencrypted and dnscrypt dns protocols. Johngreth (talk) 13:54, 4 July 2024 (UTC)