mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git
synced 2025-06-08 05:19:37 +00:00
more lines
This commit is contained in:
parent
52067c3c55
commit
157b5213bd
1 changed files with 2 additions and 0 deletions
|
@ -14,10 +14,12 @@ This blogpost includes: DNS over TLS (DoT), DNS over HTTPS (DoH), DNSCrypt, DNS
|
|||
|
||||
### DNS over TLS (DoT)
|
||||

|
||||
|
||||
DNS over TLS is (one of) the first RFC-standard DNS encryption wrappers, wrapping the protocol around the Transport Layer Security, other than that, it's fairly simple. The problems that it has is that it has its own standard port number, which makes it easy to tell to a 3rd party that you are using DNS over TLS, and that it's slower, since it has to run over TCP rather than UDP.
|
||||
|
||||
### DNS over HTTPS (DoH)
|
||||

|
||||
|
||||
DNS over HTTPS is the more newer RFC-standard DNS encryption wrapper, which wraps the protocol around HTTPS and uses 443 on TCP. The benefits are about the same as DNS over TLS, except that the fact that DNS is transmitted over HTTPS makes the protocol much harder to block than DNS over TLS (DoT) due it blending in with regular HTTPS traffic. ISPs and DPIs have to resort to blocking IPs associated with common DoH servers (which does not block DoH as a whole).
|
||||
|
||||
### DNSCrypt
|
||||
|
|
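Review bot: In the DoT paragraph, "it has its own standard port number" never says which port, while the DoH paragraph does name its port ("uses 443 on TCP"). Name it (853/TCP, per RFC 7858) so a reader can see exactly what a third party would observe or filter. The same paragraph lists "slower, since it has to run over TCP rather than UDP" as a DoT problem, but the DoH paragraph also runs over TCP and says the benefits are "about the same", so either state the TCP cost for both or drop it as a DoT-specific drawback. Wording in the DoH paragraph: "the more newer" should be "the newer", "due it blending" should be "due to it blending", and "ISPs and DPIs" reads as if DPI were an operator rather than an inspection technique. The commit message "more lines" gives no hint of what the two added lines are; a short description of the addition would help anyone reviewing the mirror history.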