Community discussions

 
ibeeby
newbie
Topic Author
Posts: 45
Joined: Tue Dec 12, 2006 8:49 am
Location: Matlock, England
Contact:

Feature request - DNSCrypt support...

Mon Jan 30, 2012 7:55 am

I'd be grateful if Mikrotik could consider adding DNSCrypt _urgently_ to the current and future versions of ROS.

DNSCrypt has been released by DYNDNS.org as open-source code and allows users to effectively wrap DNS requests to DYNDNS servers in an SSL layer. This significantly improves security for users in public networks but should also add security for businesses against eavesdropping and man-in-the-middle attacks.

Currently the only client support for DNSCrypt is an OS-X release from DYNDNS.org but as they have published the source code, it _must_ be straightforward for Mikrotik to add this as a package option.

All of my WAN facing Mikrotik routers use DYNDNS.org as their DNS servers as this allows free and effective filtering to avoid phishing sites and illegal content (which is flexibly adjustable by the user/manager).

Best Regards

Ian Beeby
 
User avatar
vetusa2
Member Candidate
Member Candidate
Posts: 122
Joined: Sat Jun 18, 2011 8:24 pm

Re: Feature request - DNSCrypt support...

Sun Feb 26, 2012 6:07 pm

i add my request too
 
dmitrik
just joined
Posts: 3
Joined: Sun Jan 06, 2013 1:37 pm

Re: Feature request - DNSCrypt support...

Sun Jul 14, 2013 7:28 am

I vote for DNSCrypt.
OpenDNS supports DNSCrypt. I use Mikrotik as DNS proxy to OpenDNS.
 
Shnatsel
just joined
Posts: 2
Joined: Tue Jan 21, 2014 5:43 pm

Re: Feature request - DNSCrypt support...

Tue Jan 21, 2014 5:48 pm

I'd also love RouterOS to support DNSCrypt!
Right now I have to run it locally on every machine on the network and reconfigure the network settings on every machine for every connection - which tedious and it's easy to miss a connection or a machine and then DNS goes in the clear again... EWWW.

If I could just get it on the router as a package all that hassle wouldn't be necessary!
 
Shnatsel
just joined
Posts: 2
Joined: Tue Jan 21, 2014 5:43 pm

Re: Feature request - DNSCrypt support...

Tue Jan 21, 2014 5:50 pm

I'd also love RouterOS to support DNSCrypt!
Right now I have to run it locally on every machine on the network and reconfigure the network settings on every machine for every connection - which tedious and it's easy to miss a connection or a machine and then DNS goes in the clear again... EWWW.

If I could just get it on the router as a package I could get rid of all that hassle with manually editing every single connection on every single machine!
 
chrismfz
just joined
Posts: 13
Joined: Sat Apr 07, 2007 6:27 am
Contact:

Re: Feature request - DNSCrypt support...

Sat Feb 22, 2014 3:29 pm

That's old but hey.. never give up!

It should be great. Selecting already existing DNSes like cloudns or dnscrypt.eu or opendns
(or adding ours) would be great too. :D
spending power and $ to have always-on an old hardware server only for dns or running the dnscrypt-proxy anywhere when we got mikrotik it's a torture.

(Especially when there are devices that can't support it like cellphones, or in points which you offer wifi / internet and you want all dns traffic forced to dnscrypt)
 
nosovk
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Jan 25, 2012 11:25 am
Location: Ukraine
Contact:

Re: Feature request - DNSCrypt support...

Sat Mar 01, 2014 9:23 pm

it would be nice option :)
Аренда Програмного обеспечения
https://www.CloudZZ.com
Микротики на Украине оптом
mikrotik.kharkov.ua
 
pdf
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Sun Feb 12, 2006 11:56 pm

Re: Feature request - DNSCrypt support...

Wed Mar 26, 2014 1:59 pm

I agree it would be nice to have it somewhere in the future
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Feature request - DNSCrypt support...

Thu May 22, 2014 10:25 pm

Add me to the list. Right now I keep a little 1U Atom box just for running things like DNSCrypt. I'd love to move that to my CCR1016
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
tweetyspn
just joined
Posts: 14
Joined: Wed Jul 13, 2011 10:48 pm

Re: Feature request - DNSCrypt support...

Sat Jun 28, 2014 1:41 pm

Totally agree, nice feature!
 
andryan
newbie
Posts: 33
Joined: Fri Nov 30, 2007 10:33 pm
Location: Jakarta, Indonesia
Contact:

Re: Feature request - DNSCrypt support...

Thu Oct 09, 2014 9:49 am

+1

Would be really useful to bypass DNS-based censorship
 
kurlais
just joined
Posts: 1
Joined: Thu Oct 09, 2014 10:52 am

Re: Feature request - DNSCrypt support...

Thu Oct 09, 2014 10:56 am

be fine, if version 7 will support ikev2 vpn.

that is to use blackberry z10
 
alexkuzko
just joined
Posts: 3
Joined: Wed Oct 29, 2014 1:35 pm

Re: Feature request - DNSCrypt support...

Sun Dec 07, 2014 11:43 pm

Vote for this as well! Currently there is no proper method and using metarouter is too complex/heavy.
 
Solaris
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Thu Apr 29, 2010 5:05 pm

Re: Feature request - DNSCrypt support...

Sun Apr 12, 2015 1:10 am

+1 for dnscrypt!
 
bloodroses
just joined
Posts: 2
Joined: Sun May 17, 2015 11:37 am

Re: Feature request - DNSCrypt support...

Sun May 17, 2015 11:38 am

+i it should have, security at first position !
 
shaneau
just joined
Posts: 12
Joined: Sun Jul 04, 2010 6:31 am

Re: Feature request - DNSCrypt support...

Fri Jun 19, 2015 10:26 am

Would be a welcome addition to routeros.
 
nemke
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Thu Jul 31, 2014 2:52 am

Re: Feature request - DNSCrypt support...

Mon Jun 22, 2015 1:35 am

+1 for dnscrypt!
 
etm7469
just joined
Posts: 6
Joined: Wed Apr 22, 2015 10:28 pm
Location: Poland

Re: Feature request - DNSCrypt support...

Sat Aug 08, 2015 9:55 pm

+1 for dnscrypt!
 
jo2jo
Forum Veteran
Forum Veteran
Posts: 956
Joined: Fri May 26, 2006 1:25 am

Re: Feature request - DNSCrypt support...

Fri Aug 14, 2015 6:13 pm

this would be Amazing if ROS supported DNSCrypt. would really open up alot of potentail buyers to ROS just for this one feature in a home router that doesnt require alot of linux+setup.

tks
:beep :beep :beep
 
nemke
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Thu Jul 31, 2014 2:52 am

Re: Feature request - DNSCrypt support...

Sat Aug 15, 2015 7:17 pm

+1 for DNSCrypt support...
 
bhorrock
just joined
Posts: 3
Joined: Sun Jun 10, 2012 6:47 pm

Re: Feature request - DNSCrypt support...

Fri Aug 21, 2015 3:53 pm

+1 for DNSCrypt !!
 
minjun
just joined
Posts: 3
Joined: Tue Jul 07, 2015 9:17 am

Re: Feature request - DNSCrypt support...

Fri Sep 04, 2015 9:59 am

+1 for DNSCrypt.
 
User avatar
michaeln416
just joined
Posts: 14
Joined: Mon Dec 01, 2014 5:03 am
Location: Ontario, Canada

Fri Sep 04, 2015 2:48 pm

+1 for DNSCrypt !!

Sent from my Nexus 5 using Tapatalk
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request - DNSCrypt support...

Tue Sep 08, 2015 4:23 pm

do its better than DNSCurve ?
or just another, proprietary implementation/port of ?
 
MikroTikFan
Member Candidate
Member Candidate
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: Feature request - DNSCrypt support...

Mon Nov 09, 2015 12:56 pm

+1 for DNSCrypt.

When ?
 
pidybi
just joined
Posts: 2
Joined: Wed Nov 25, 2015 11:02 pm

Re: Feature request - DNSCrypt support...

Wed Nov 25, 2015 11:10 pm

+1 for DNSCrypt
+1 ;)

currently I'm using dnscrypt-proxy by Cisco on Tomato and my log is:
Nov 24 00:03:12 | daemon.notice dnscrypt-proxy[1099]: Starting dnscrypt-proxy 1.4.1
Nov 24 00:03:12 | daemon.info dnscrypt-proxy[1099]: Initializing libsodium for optimal performance
Nov 24 00:03:12 | daemon.info dnscrypt-proxy[1099]: Generating a new key pair
Nov 24 00:03:12 | daemon.info dnscrypt-proxy[1097]: Server certificate #143xxx4751 received
Nov 24 00:03:12 | daemon.info dnscrypt-proxy[1097]: This certificate looks valid
Nov 24 00:03:12 | daemon.info dnscrypt-proxy[1097]: Chosen certificate #143xxx4751 is valid from [2015-07-03] to [2016-07-02]
Nov 24 00:03:12 | daemon.info dnscrypt-proxy[1097]: Server key fingerprint is xxx9:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:Fxxx
Nov 24 00:03:12 | daemon.notice dnscrypt-proxy[1097]: Proxying from 127.0.0.1:40 to 208.67.220.220:443
:)
pd
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request - DNSCrypt support...

Mon Dec 28, 2015 8:42 pm

+1 for DNSCrypt
)
i think you missed whole point of suggested by OP,changes/features, ie ability to do it Without tunnels of Any kind.
otherwise you can "anything over VPN" around Globe, anyway, but its eventually consume Lot more resources and attract Lot more /unwanted/redundant/ attention.
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1280
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Feature request - DNSCrypt support...

Tue Dec 29, 2015 9:05 am

i think you missed whole point of suggested by OP,changes/features, ie ability to do it Without tunnels of Any kind.
otherwise you can "anything over VPN" around Globe, anyway, but its eventually consume Lot more resources and attract Lot more /unwanted/redundant/ attention.
No one said anything about tunnels or VPN. He said that he was using DNSCrypt-Proxy on tomato for his DNS. Just as many of us are. The whole point of DNSCrypt is to send the DNS through an encrypted tunnel.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request - DNSCrypt support...

Tue Dec 29, 2015 10:05 pm

i think you missed whole point of suggested by OP,changes/features, ie ability to do it Without tunnels of Any kind.
otherwise you can "anything over VPN" around Globe, anyway, but its eventually consume Lot more resources and attract Lot more /unwanted/redundant/ attention.
No one said anything about tunnels or VPN. He said that he was using DNSCrypt-Proxy on tomato for his DNS. Just as many of us are. The whole point of DNSCrypt is to send the DNS through an encrypted tunnel.
yes, but low-overhead "embedded" implementation. similarly - nobody would call SSH "tunnel" instead of serious VPN's or atleast IPIP, EOIP, despite similarity.
 
MikroTikFan
Member Candidate
Member Candidate
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: Feature request - DNSCrypt support...

Thu Jan 07, 2016 12:37 am

Please consider that DSNCrypt can use a lot of resolvers in different part of the World without establishing payed commercial VPN.

https://github.com/jedisct1/dnscrypt-pr ... olvers.csv

Please keep in mind also that for some solutions with big traffic you don't need to use VPN which is quite heavy traffic for you router instead of this using just only DNSCrypt.

I think that this feature will be very usefull and rest of routers solutions support DNSCrypt ;-)
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature request - DNSCrypt support...

Tue Jan 12, 2016 2:55 am

I think that this feature will be very usefull and rest of routers solutions support DNSCrypt
i think too.
aswell as "next-gen" things in that area, that already emerged and ought to replace DNSCrypt. aside mentioned above DNSCurve - there some other code, but somewhat unstable, yet in 1/3 of.
but what i don't think its this features - shouldn't be part of "default config" of DNS services(either MT implement it as part of Main DNS service or separate package).
 
prd0000
just joined
Posts: 6
Joined: Tue Apr 02, 2013 6:53 am

Re: Feature request - DNSCrypt support...

Tue Feb 02, 2016 9:31 pm

+1 this.
I would like DNS crypt too. Right now we maintain VPN connection to our headquarter across the globe just to get our DNS addresses securely. other option is to install a "heavy" 128MB RAM 8GB linux built solely for DnsCrypt. I would like to cut that and maintain our own secure DNS resolver, but spending unnecessary resource for that tiny function seems beyond logic.
 
User avatar
колбаскин
newbie
Posts: 37
Joined: Tue Mar 29, 2016 6:36 pm
Location: Ukraine Zaporozhye
Contact:

Re: Feature request - DNSCrypt support...

Wed Mar 30, 2016 4:09 pm

+1 please add DNSCrypt support :)
Кое что для Mikrotik | hd.zp.ua - Запорожье ITшное.
 
arxont
just joined
Posts: 9
Joined: Fri Nov 02, 2012 11:45 am

Re: Feature request - DNSCrypt support...

Mon Apr 04, 2016 5:17 am

+1 vote to DNSCrypt
 
Micat
newbie
Posts: 30
Joined: Fri Jun 12, 2015 11:01 am

Re: Feature request - DNSCrypt support...

Fri May 20, 2016 1:31 pm

I vote for DNSCrypt
 
Dok
just joined
Posts: 3
Joined: Thu Jun 04, 2015 12:00 pm

Re: Feature request - DNSCrypt support...

Thu May 26, 2016 1:42 pm

+1 for DNSCrypt
 
thevoidnn
just joined
Posts: 1
Joined: Thu May 26, 2016 4:27 am

Re: Feature request - DNSCrypt support...

Wed Jun 01, 2016 10:00 am

+1 for DNSCrypt
 
flexus
just joined
Posts: 22
Joined: Wed Feb 16, 2011 11:35 pm
Location: Ukraine

Re: Feature request - DNSCrypt support...

Sat Jun 18, 2016 11:18 pm

+1, vote for dnscrypt.

This already supports Tomato and OpenWRT! Need it in RoS :)

https://dnscrypt.org/#dnscrypt-routers
 
User avatar
irghost
Member Candidate
Member Candidate
Posts: 274
Joined: Sun Feb 21, 2016 1:49 pm
Contact:

Re: Feature request - DNSCrypt support...

Sun Jun 19, 2016 12:53 am

+1, vote for dnscrypt.
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
میکروتیک فا برای فارسی زبان ها
Mikrotik Certified Consultant
https://mikrotikfa.com
 
SystemErrorMessage
Member
Member
Posts: 378
Joined: Sat Dec 22, 2012 9:04 pm

Re: Feature request - DNSCrypt support...

Mon Jul 11, 2016 12:11 am

Wow, this thread was started years ago and still mikrotik hasnt implemented this. +1 for this feature to overcome ISP DNS hijacking as this has been an issue for me. Please implemented as soon as possible, the implementation is already available from github so all that remains is for mikrotik to adapt it to routerOS.

I know mikrotik is focused on being a good router but DNScript is a network related feature that is very beneficial so please add this. Im not expecting an all in one router from mikrotik but i want all in one when it comes to network features, i want snort and an antivirus on routerOS as well.
 
ChangzhouC
just joined
Posts: 3
Joined: Sat Jul 16, 2016 6:29 pm

Re: Feature request - DNSCrypt support...

Sat Jul 16, 2016 6:31 pm

+1 for DNSCrypt
 
User avatar
wirSeefahrer
just joined
Posts: 11
Joined: Tue Jul 26, 2016 12:52 pm

Re: Feature request - DNSCrypt support...

Tue Jul 26, 2016 12:59 pm

+1 for DNSCrypt

That would be a really great feature to have even in countries like Sweden. :-)
 
Jacquesvw
just joined
Posts: 7
Joined: Fri Jun 03, 2011 5:21 pm

Re: Feature request - DNSCrypt support...

Thu Aug 18, 2016 6:53 am

+1 for DNScrypt
 
User avatar
chebedewel
just joined
Posts: 4
Joined: Tue Feb 02, 2016 6:41 am
Location: Noumea
Contact:

Re: Feature request - DNSCrypt support...

Wed Sep 21, 2016 1:03 am

A nice feature indeed, it could be added along with DNSSec support
Bertrand Cherrier
MTCNA - MTCTCE
_______________________________________________________
MikroTik Consultant & Distributor for New Caledonia
 
chrisk8er
just joined
Posts: 1
Joined: Sun Nov 13, 2016 3:08 pm

Re: Feature request - DNSCrypt support...

Sun Nov 13, 2016 3:11 pm

+1 for DNScrypt 8)
 
User avatar
agix
just joined
Posts: 2
Joined: Mon Aug 17, 2015 2:46 am
Location: Indonesia

Re: Feature request - DNSCrypt support...

Sun Nov 13, 2016 3:41 pm

Vote for DNSCrypt yeaa...!!!
 
SaeedYa
just joined
Posts: 17
Joined: Fri Jan 14, 2011 9:01 am

Re: Feature request - DNSCrypt support...

Thu Nov 24, 2016 10:45 am

+1 for Dns crypt
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 23946
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request - DNSCrypt support...

Thu Nov 24, 2016 10:48 am

Doesn't this supersede DNScrypt, plus, is now an accepted standard? https://tools.ietf.org/html/rfc7858

But it is still a very fresh RFC
No answer to your question? How to write posts
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re: Feature request - DNSCrypt support...

Sun Dec 18, 2016 11:05 pm

Thanks, this is the first time ive seen this RFC being mentioned. Thank you.

I was about to say +1 for adding this feature but to also to allow for custom dnscrypt installs (i.e support custom provider-key, provider-name and providor address) as a lot of us don't use OpenDNS or any other open public server(s). Some of us run our own dns inferstructure which we also have dnscrypt support.

However now that I know they are working on something, I will start investigating when bind/unbound etc will get this support (out of the box). Hopefully soon, meanwhile I would say that dnscrypt support would really help many of us to add to your existing products as a lot of customers use this and with the new laws recently announced, more and more will be jumping onto the boat to use encryption everywhere.

FYI: https://github.com/jedisct1/dnscrypt-proxy is the source(s) you need.

This is all you need (client wise), so if mikrotik had this support as in binary/package, it would solve our issues or we are forced to run additional hardware to support this in our networks i.e. rpi, nas etc assuming soho user here.

Thanks for the heads up btw.

Regards.
 
User avatar
mtivi
Trainer
Trainer
Posts: 7
Joined: Mon Oct 03, 2016 5:54 pm
Location: Russia, Perm
Contact:

Re: Feature request - DNSCrypt support...

Sat Jan 07, 2017 11:49 pm

+1
Would be very usefull in Russia, for example
Network engineer in big ISP. GNU/Linux user. MikroTik TRAINER

Who is online

Users browsing this forum: No registered users and 6 guests