With the recent announcement of a (they say) privacy-oriented DNS server at Cloudflare (it was announced on April 1, so IDK, maybe it’s a joke, but it doesn’t seem to be), I became interested in this as a further method for improving privacy.
Additionally, in my reading, some ISPs do DNS cache poisoning regardless of whether you use a different DNS server. I thought DNSSEC should mitigate this? It looks like Google’s DNS over HTTPS provides DNSSEC as well. No mention whether Cloudflare does DNSSEC.
I’m wondering, if kresd doesn’t support dns over https, will it support it at some point in the future?
Meanwhile... There is an https_dns_proxy package available which is configured by default to use Google’s DNS servers plus some others. Of course, Cloudflare offers their own at 18.104.22.168.
I’ve set up the https_dns_proxy package in Omnia and it looks like once https_dns_proxy is started, I would only need to set option dns '127.0.0.1#5053' in /etc/config/network. Since this would be a change in the network config, will I need to restart the network?
Is restarting the resolver the only thing that needs to happen?
I could just edit /tmp/resolv.conf (in my case). If you’re using the default,
Since my resolv.conf only contains 127.0.0.1 as a nameserver I assume that kresd has built its own cache by going to the root servers. Is this an incorrect assumption? Or does kresd use /tmp/resolv.conf.auto in spite of /etc/resolv.conf pointing to /tmp/resolv.conf which sits on its own (is not linked to