Android Security

DNSCrypt Proxy 2 for Android via Magisk Module available

Good news for security fans – I was already reporting that DNSCrypt Proxy v2 gets a second life – now Android also gets supported with an Magisk Module coded by bluemeda. The Module downloadable via the official Magisk Module Manager and the source code is available on GitHub.

DNSCrypt Proxy 2 for Android


First final version of DNSCrypt-proxy 2.0 is here – works great!

Damn, I must admit, the development of the new DNSCrypt-proxy 2.0 was really really fast and the new version works well, I tested it already like 3 hours and it definitely get my recommendation.



Simple DNSCrypt 0.4.5 alpha is here

Remember when I wrote about the DNSCrypt changes? The easiest installer is now back to Windows in its first alpha installer version for x64 users. It integrates the new and improved dnscrypt-proxy 2.0 version.



Back from the dead – DNSCrypt-Proxy v2

I wrote about the death of DNSCrypt and I recommend to use DNS-over-TLS which might be a thing, however the problem with DNS-over-TLS is that it leaks the hostname in plain text by the Server Name Indication (SNI) extension for TLS. This can be a problem and there will be no solution for it, the currently implementation of TLS-over-DNS is a bit tricky because not every server owner uses the RFC or he tries to ‘fix’ something which might break the connection, as a result you see often a disconnect or packages getting ‘lost’. That’s why stubby is unstable, cause every test server is nothing but that .. a test and there all more or less unstable for a daily usage.

Official DNSCrypt-Proxy 2 Logo

Working with Stubby under Windows

DNS-over-TLS rcently got hyped and I want to talk a little bit about it, the RFC exist since 2011 and there is nothing special about it, however there exist several clients to get it working on server or client side.

DNS Privacy Clients (Overview) Picture: DNS Privacy Project

DNSCrypt has been Abandoned

The maintainer of DNSCrypt stopped supporting it, closed the repository on GitHub and put the domain on sale. The repository has already been cloned and is now maintained by Dyne. Unfortunately, they do not plan to add any new features, so DNSCrypt is abandoned in favor of the “DNS over TLS” standard.

DNS over TLS

Security Tutorials

DNSCrypt Windows Guide

DNSCrypt is a software application for securing communications between a client (your own PC) and a DNS resolver (server).

Official SimpleDNSCrypt tool Logo

Which DNS Provider blocks the most?

A lot of people choosing a DNS provider to block malware or to bypass ISP DNS server-side restrictions but when it comes to blocking there is almost no documentation what exactly has been blocked. To answer this simple question, CryptoAUSTRALIA has now compared the threat-blocking performance of ten popular DNS providers. Suprisingly Norton ConnectSafe, SafeDNS and Strongarm have managed to block the largest number of harmful websites.

Which Provider blocks the most? Picture:

DNSCrypt explained – it won’t replace a VPN!

DNSCrypt is a protocol for securing a single hop during a DNS lookup. It allows you to authenticate that the packet you received from the DNS server you connected to is the one that it sent, and also encrypts it over that single hop.  Sadly there several people spreading false facts about DNSCrypt.

Some router firmware even support DNSCrypt directly

Please note that DNSCrypt is not a replacement for a VPN, as it only authenticates DNS traffic, and doesn’t prevent “DNS leaks”, or third-party DNS resolvers from logging your activity. The TLS protocol, as used in HTTPS and HTTP2, also leaks websites host.

– DNSCrypt page

For all the attention that HTTPS gets, I’m amazed how little (relatively speaking) attention plaintext DNS gets. Let’s check it!