Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

cryptostorm dnscrypt servers

A core mission of cryptostorm is ensuring consistent, reliable network security with minimal fuss & drama. From DNS-based services like our DeepDNS in-browser native .onion/.i2p site access, through grounbreaking research on IP6 leakblocking, & to firewall-based structures to enable "fail-closed" security, this is where we discuss & develop cryptostorm-style leakblock tech.

Topic Author
BreadAndMilk
Posts: 2
Joined: Mon Jun 13, 2016 9:36 pm

cryptostorm dnscrypt servers

Post by BreadAndMilk » Mon Jun 13, 2016 10:10 pm

Sup CS folks, glad to have heard of you, I've read about some really interesting topics on your forums.

I have a few small questions/requests:
  • please tell me why your dnscrypt servers are not using DNSSEC, and especially why they are blacklisting advertising servers.
    I personally would like to be able to resolve certain doubleclick ip-addresses but they're nullrouted on your DNS servers (I don't have the same issue with the official DNSCrypt servers.
    Of course I could use a different DNS server for those, but what would be the point in entering every one of your blacklisted address each time I find out about them...
  • from time to time I can't resolve any address from your servers, this happens regularly for a short period of time - is that a known problem or am I the only one experiencing this issue?
Thanks a lot for your time reading my post, and please enjoy the rest of your day/night.

User avatar

parityboy
Site Admin
Posts: 1254
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptostorm dnscrypt servers

Post by parityboy » Wed Jun 29, 2016 5:50 am

@OP

On your second point, I have this issue also. A connection can go "stale" and not want to resolve domains (or do anything else). Having said that, it does tend to happen after the connection has been up for a few days, so maybe I shouldn't really complain...


Topic Author
BreadAndMilk
Posts: 2
Joined: Mon Jun 13, 2016 9:36 pm

Re: cryptostorm dnscrypt servers

Post by BreadAndMilk » Sat Jul 02, 2016 3:16 pm

parityboy wrote:it does tend to happen after the connection has been up for a few days[...]
Thanks for your response!

Though, I don't have such a long connection usually, for me it seems to be completely unrelated to connection time.


msh97th6
Posts: 1
Joined: Fri Dec 02, 2016 1:02 pm

Re: cryptostorm dnscrypt servers

Post by msh97th6 » Fri Dec 02, 2016 1:11 pmGuest

Re: cryptostorm dnscrypt servers

Post by Guest » Tue Jan 10, 2017 10:40 am

Well, this post has been stagnant for just over a month now without any real answers. I'm not going to ask them again, I'll just refer to the OP's 2 questions (although I'm more curious about the DNSSEC question myself). :think:

User avatar

Redneck Ninja
Posts: 4
Joined: Wed Oct 28, 2015 8:04 pm
Contact:

Re: cryptostorm dnscrypt servers

Post by Redneck Ninja » Tue Jan 10, 2017 10:45 am

My apologies for posting this again (thought I was logged in when posting the first time). Like I was saying, this posting has been stagnant for just over a month now without any real answers. I'm not going to ask them again, I'll just refer to the OP's questions (although I'm mostly curious about the DNSSEC question myself). :think:
"Pop goes the weasel 'cause the weasel goes pop!" :lolno:

User avatar

parityboy
Site Admin
Posts: 1254
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptostorm dnscrypt servers

Post by parityboy » Tue Jan 10, 2017 10:04 pm

Redneck Ninja wrote:My apologies for posting this again (thought I was logged in when posting the first time). Like I was saying, this posting has been stagnant for just over a month now without any real answers. I'm not going to ask them again, I'll just refer to the OP's questions (although I'm mostly curious about the DNSSEC question myself). :think:
I suspect the OP's second question has at least been partially answered here. It would appear to be related to stale sessions left hanging around on the token database.

As to the first question, I will say that the reason for null-routing ad servers is because many of them carry very nasty malware, for example many forms of ransomware. Re: DNSSEC I suspect it is not being used because it doesn't lend anything towards solving issues within the given threat model.

Post Reply