Request: DNSCrypt package for pfsense 3.3.3



  • A lot of ppl ( including myself ) has been waiting for a legit and proper DNSCrypt package for pfsense for a very long time now, are there any1 news on this happening anytime soon?



  • Agreed. I ran DNSCrypt on my previous firewall for a long time (through OpenDNS). I would definitely install a DNSCrypt package on my pfsense.



  • @swmspam:

    Agreed. I ran DNSCrypt on my previous firewall for a long time (through OpenDNS). I would definitely install a DNSCrypt package on my pfsense.

    Are there any other public DNS services that support DNSCrypt?

    For something like pfSense DNS Resolver (non forwarding) don't think it would be very useful until a lot of authoritative and root DNS servers support it.

    It would be nice if the DNS was encrypted though.  The DNSSEC thing is…

    • Overly complex
    • Too many links in the chain to fail
    • Bloatware (signed zones are huge)
    • Query response packets are huge.  Consuming orders of magnitude more bandwidth.  Making them much more attractive for DNS Amplified Reflective Exploit Attack (DNS AREA).

    I'm sure that is probably just scratching the surface.  Many of you probably know much worse things about DNSSEC.



  • There's already another thread for DNSCrypt so maybe post there instead…

    Other than that don't expect the pfSense devs to have any interest in DNSCrypt, they have already stated that they don't think DNSCrypt as a necessary addon for pfSense. However a community contributed DNSCrypt package is not outside of possiblities but someone (you?) has to step up and do the leg work.


Log in to reply