Community discussions

 
User avatar
cREoz
just joined
Posts: 10
Joined: Wed Sep 04, 2013 9:51 pm

Re: Feature request - DNSCrypt support...

Sun Jul 08, 2018 8:37 pm

+1 for DNSCrypt support
 
mlenhart
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Oct 30, 2017 11:30 pm

Re: Feature request - DNSCrypt support...

Sun Jul 08, 2018 10:36 pm

+1 for DNSSec/DNSCrypt
 
cavok
just joined
Posts: 9
Joined: Tue Feb 12, 2013 9:14 am

Re: Feature request - DNSCrypt support...

Mon Jul 09, 2018 2:00 am

I'm using dnscrypt via a raspberry in combination with pi-hole and OpenDNS. Works perfectly for alle my internal clients and I dont have to use a dnscrypt proxy on every mashine. If anyone is interested in configuring it (especially as their are some compatibility tricks you have to be aware of) I can provide you a the required steps to make it work :)
Would love to get this info, please.
 
vladvalmont
just joined
Posts: 1
Joined: Tue Jul 10, 2018 6:17 pm
Location: Saint Petersburg, Russia

Re: Feature request - DNSCrypt support...

Tue Jul 10, 2018 6:23 pm

+1 for DNSCrypt support
 
foxxiu7
just joined
Posts: 5
Joined: Sun Aug 25, 2013 3:30 am

Re: Feature request - DNSCrypt support...

Wed Jul 11, 2018 2:35 am

I'm using dnscrypt via a raspberry in combination with pi-hole and OpenDNS. Works perfectly for alle my internal clients and I dont have to use a dnscrypt proxy on every mashine. If anyone is interested in configuring it (especially as their are some compatibility tricks you have to be aware of) I can provide you a the required steps to make it work :)
Would love to get this info, please.
I'm also interested how to add DNSCrypt support on the RPi as currently I'm using two MikroTiks and RaspberryPi with pi-hole and OpenDNS.
 
User avatar
Anastasia
just joined
Posts: 22
Joined: Wed Oct 28, 2015 7:12 pm

Re: Feature request - DNSCrypt support...

Sat Sep 15, 2018 8:41 pm

+1 for DNSCrypt support
 
MikroRouter
just joined
Posts: 12
Joined: Wed Nov 02, 2011 11:00 am

Re: Feature request - DNSCrypt support...

Thu Oct 04, 2018 11:40 am

Hope this can be implemented soon...
 
thief
just joined
Posts: 2
Joined: Mon Oct 08, 2012 10:13 am

Re: Feature request - DNSCrypt support...

Mon Oct 08, 2018 7:47 am

+1 for DNSSec/DNSCrypt
 
User avatar
Kamaz
just joined
Posts: 21
Joined: Sun Apr 30, 2017 9:35 am

Re: Feature request - DNSCrypt support...

Tue Oct 09, 2018 8:39 pm

+1 for DNSSec/DNSCrypt
 
Azure
just joined
Posts: 4
Joined: Fri Dec 23, 2016 10:49 pm

Re: Feature request - DNSCrypt support...

Wed Oct 10, 2018 2:31 pm

Doesn't this supersede DNScrypt, plus, is now an accepted standard? https://tools.ietf.org/html/rfc7858

But it is still a very fresh RFC
Yes! This!
DNScrypt is great and all... But I'd like to see DNS-TLS as Quad9 supports it.
In the end, either is better than neither!

https://www.quad9.net/faq/#Does_Quad9_s ... S_over_TLS
 
skiif
just joined
Posts: 1
Joined: Thu Oct 25, 2018 9:17 am

Re: Feature request - DNSCrypt support...

Thu Oct 25, 2018 9:23 am

+1 for DNS-over-TLS as it's an IETF approved standard, but of course DNScrypt and DNS-HTTPs also will be very appreciated.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8177
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature request - DNSCrypt support...

Thu Oct 25, 2018 11:55 am

DNS over TLS is now supported both by CloudFlare (1.1.1.1) and Google (8.8.8.8), so looks like it's time =)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Joni
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Mar 20, 2015 2:46 pm
Contact:

Re: Feature request - DNSCrypt support...

Thu Oct 25, 2018 12:54 pm

DoH is incompatible with the basic architecture of the DNS because it moves control plane (signalling) messages to the data plane (message forwarding), and that's a no-no.
https://www.theregister.co.uk/2018/10/2 ... _standard/
 
nimbo78
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Tue Jan 14, 2014 9:09 pm

Re: Feature request - DNSCrypt support...

Sun Oct 28, 2018 2:00 pm

DNS over TLS is now supported both by CloudFlare (1.1.1.1) and Google (8.8.8.8), so looks like it's time =)
+1
 
estas
just joined
Posts: 3
Joined: Sat Nov 03, 2018 8:34 pm

Re: Feature request - DNSCrypt support...

Wed Nov 28, 2018 4:21 pm

+1 for DNS-over-TLS and DNSCrypt!
and also waiting UDP Proxy...
 
xkubus
just joined
Posts: 4
Joined: Sun Dec 11, 2011 7:49 pm

Re: Feature request - DNSCrypt support...

Mon Jan 07, 2019 10:38 am

+1 Please!
 
EvgeniyV
just joined
Posts: 1
Joined: Sun Oct 28, 2018 5:49 pm

Re: Feature request - DNSCrypt support...

Tue Jan 08, 2019 1:19 am

+1
interesting, how many people still have to write "+1" that this gave the result? :-?
 
User avatar
Kamaz
just joined
Posts: 21
Joined: Sun Apr 30, 2017 9:35 am

Re: Feature request - DNSCrypt support...

Mon Jan 14, 2019 11:30 am

Google provides DNS-over-TLS https://developers.google.com/speed/pub ... s-over-tls from January 2019,
also it provides DNS-over-HTTPS https://developers.google.com/speed/pub ... over-https from September 2018.
 
User avatar
cgood
just joined
Posts: 22
Joined: Sat May 31, 2014 4:01 pm
Location: Russia, Sochi
Contact:

Re: Feature request - DNSCrypt support...

Mon Jan 14, 2019 12:04 pm

+1
interesting, how many people still have to write "+1" that this gave the result? :-?
Topic started at 30 Jan 2012 09:55 ... we wait for a miracle
  • MTCNA 99% '17
    MTCRE 89% '17
    MTCTCE 89% '18
 
User avatar
vecernik87
Member
Member
Posts: 454
Joined: Fri Nov 10, 2017 8:19 am

Re: Feature request - DNSCrypt support...

Mon Jan 14, 2019 1:59 pm

Topic started at 30 Jan 2012 09:55 ... we wait for a miracle
No. It just proves how futile is the idea of implementing nonstandard or nonstable technologies - they are gone withing few years. Where is DNScrypt today? Is it massively accepted? No. If mikrotik implemented it back then, it would be enormous waste of time.
Wait for standardized solution which is widely accepted. Then ask for support and you got at least a chance...
 
User avatar
cgood
just joined
Posts: 22
Joined: Sat May 31, 2014 4:01 pm
Location: Russia, Sochi
Contact:

Re: Feature request - DNSCrypt support...

Mon Jan 14, 2019 9:39 pm

Topic started at 30 Jan 2012 09:55 ... we wait for a miracle
No. It just proves how futile is the idea of implementing nonstandard or nonstable technologies - they are gone withing few years. Where is DNScrypt today? Is it massively accepted? No. If mikrotik implemented it back then, it would be enormous waste of time.
Wait for standardized solution which is widely accepted. Then ask for support and you got at least a chance...
ovpn UDP support may be too "enormous waste of time"?
  • MTCNA 99% '17
    MTCRE 89% '17
    MTCTCE 89% '18
 
poizzon
Member Candidate
Member Candidate
Posts: 112
Joined: Fri Jun 21, 2013 12:53 pm

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 2:36 am

+10
--
poi
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8177
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 8:28 am

+10
+10 to "enormous waste of time"? :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 23808
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 8:45 am

Instead of wordless pluses, how about a discussion on TLS vs HTTPS.
TLS gives you a specific port and capability to filter and NAT etc. HTTPS gives you more security, but also the inability to catch this traffic as an administrator. More aspects?
No answer to your question? How to write posts
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8177
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 1:43 pm

HTTPS gives you more security
Huh?..
inability to catch this traffic as an administrator
Well, as it was earlier - by IP address :)

But generally yes - it's harder for your ISP to block/redirect DoH than DoT as it uses shared port number (443).
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 23808
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 2:24 pm

Huh? Since DNS over HTTPS uses port 443 and there is no visual difference in traffic type, admin can't intercept or block this traffic (except by destination address).
No answer to your question? How to write posts
 
User avatar
cgood
just joined
Posts: 22
Joined: Sat May 31, 2014 4:01 pm
Location: Russia, Sochi
Contact:

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 3:20 pm

Huh? Since DNS over HTTPS uses port 443 and there is no visual difference in traffic type, admin can't intercept or block this traffic (except by destination address).
When will the DoH appear 😚? Когда же?
  • MTCNA 99% '17
    MTCRE 89% '17
    MTCTCE 89% '18
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8177
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 3:21 pm

What about SNI? :) ESNI is not on stage currently
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
cgood
just joined
Posts: 22
Joined: Sat May 31, 2014 4:01 pm
Location: Russia, Sochi
Contact:

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 3:26 pm

At home i'm mangling DNS fwd+out connections and redirect to EU OVPN (CHR VPS), but DoH = peer-to-peer encryption & we all need it (=
  • MTCNA 99% '17
    MTCRE 89% '17
    MTCTCE 89% '18
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 23808
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 3:29 pm

No answer to your question? How to write posts
 
User avatar
ErfanDL
Member Candidate
Member Candidate
Posts: 255
Joined: Thu Sep 29, 2016 9:13 am
Location: IRAN
Contact:

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 4:36 pm

add DNSSEC features

Sent from my C6833 using Tapatalk

 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 23808
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 4:43 pm

add DNSSEC features

Sent from my C6833 using Tapatalk
What does it mean?
No answer to your question? How to write posts
 
User avatar
ErfanDL
Member Candidate
Member Candidate
Posts: 255
Joined: Thu Sep 29, 2016 9:13 am
Location: IRAN
Contact:

Re: Feature request - DNSCrypt support...

Thu Jan 17, 2019 6:35 pm

add DNSSEC features

Sent from my C6833 using Tapatalk
What does it mean?
https://en.m.wikipedia.org/wiki/Domain_ ... Extensions

Sent from my C6833 using Tapatalk

 
anthonws
just joined
Posts: 3
Joined: Sat Jan 09, 2016 6:46 pm

Re: Feature request - DNSCrypt support...

Mon Jan 21, 2019 10:15 pm

Instead of wordless pluses, how about a discussion on TLS vs HTTPS.
TLS gives you a specific port and capability to filter and NAT etc. HTTPS gives you more security, but also the inability to catch this traffic as an administrator. More aspects?
Both would be the ideal scenario :) Naturally that I understand that there's budget/resources constrains and prioritization of features, and therefore that is not viable.

Using Mikrotik mainly as Home gear, my natural choice would be to go with DoH. But, since your main target is Enterprise then it makes sense to invest on the DoT first. I'm sure that the Home users/clients like me will be able to still use DoT.

Ultimately, one or the other will provide the additional security (with more or less controls) that the majority of your customers are looking for :)

What about SNI? :) ESNI is not on stage currently
Isn't that at the Browser level only?
 
anav
Forum Guru
Forum Guru
Posts: 1662
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Feature request - DNSCrypt support...

Tue Jan 22, 2019 4:31 pm

At a minimum, from a practical point of view, wouldn't it matter more that juniper, cisco, fortigate, zyxel etc......... started implementing such technologies.
Further if mikrotik saw a decrease in sales and an erosion in the current base to such vendors due to technology available elsewhere, then they would be forced to move.
However, that would be too late so it is a matter of timing besides the other usual suspects, money, human resources, code stability, hardware limitations.......

.
 
R1CH
Forum Veteran
Forum Veteran
Posts: 787
Joined: Sun Oct 01, 2006 11:44 pm

Re: Feature request - DNSCrypt support...

Wed Feb 13, 2019 12:41 pm

Instead of wordless pluses, how about a discussion on TLS vs HTTPS.
TLS gives you a specific port and capability to filter and NAT etc. HTTPS gives you more security, but also the inability to catch this traffic as an administrator. More aspects?
Why not both? Although DNS over HTTPS seems to be the way forward, very few providers are actually deploying DNS over TLS. As long as you maintain a persistent connection to the resolver, latency should be minimal.
 
User avatar
eworm
Member Candidate
Member Candidate
Posts: 240
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature request - DNSCrypt support...

Wed Feb 13, 2019 11:30 pm

At FOSDEM 2019 Daniel Stenberg (the maintainer of curl) had a talk about DNS over HTTPS - the good, the bad and the ugly. Very interesting topic and he scheds some light on DoT, DNScrypt, DNSsec & Co as well.

IMHO DoH is the way to go.
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts

Who is online

Users browsing this forum: No registered users and 6 guests