A lot of servers are listed in the public resolvers list, but how can you be sure that they are not malicious? (Sorry if this is a dumb question, but I couldn't find anything about that.)
Apparently local DNSSEC validation is not yet available for dnscrypt-proxy according to this. So DNSSEC may ensure that the recursive resolver (DNS server) has correct data but does not stop it from deliberately returning malicious data. The only solution I could think of is locally running a dnsmasq/... server with DNSSEC validation. But I don't think that every domain/zone supports DNSSEC yet. So it might not be fully effective. Even then it probably wouldn't be that performant.
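
The setup the post describes (a local dnsmasq that validates DNSSEC itself and forwards to dnscrypt-proxy) could look like the following. This is an added example, not part of the original post or of either project's documentation; the file path and the dnscrypt-proxy listen address `127.0.0.1:5353` are assumptions.

```conf
# /etc/dnsmasq.conf (assumed path)

# Answer only local clients on the loopback interface.
listen-address=127.0.0.1
bind-interfaces

# Ignore /etc/resolv.conf and forward every query to dnscrypt-proxy.
# Assumption: dnscrypt-proxy has been moved to port 5353 so that
# dnsmasq can take port 53.
no-resolv
server=127.0.0.1#5353

# Validate signatures locally instead of trusting the upstream
# resolver's claim that an answer is authentic.
dnssec

# Root zone trust anchor (DS record of KSK-2017). Compare it with the
# root anchors published by IANA before relying on it.
trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D

# For unsigned answers, require proof from the parent zone that the
# zone really is unsigned, so signatures cannot simply be stripped
# from a signed zone. Zones that are genuinely unsigned remain
# unprotected.
dnssec-check-unsigned

# Validation needs extra DNSKEY/DS lookups; a larger cache limits the
# latency cost.
cache-size=2000

# Log each query together with its validation result.
log-queries
```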