Hi. We've been revisiting encrypted DNS options lately.
DNS-over-TLS seems simple enough. stunnel proxies on port 853 are rolling out to all VPN servers and should become available within the next days. The certificates are currently signed by our own private CA.
DoT is already supported by general resolver software like unbound and knot-resolver, so you can encrypt all your system's DNS requests, not just those sent by the browser.
Support for opportunistic privacy (i.e. trying TLS on port 853 first with plain DNS on port 53 as fallback) to nameservers provided by DHCP or OpenVPN isn't great yet but I'd expect it to improve eventually.
Android Pie is apparently already implementing it.
Trackstop has been amended to also intercept DoT requests and redirect them locally, if any filters are enabled.
Here's an example configuration snippet for unbound with static addresses and no certificate validation (yet):
Code:
server:
    ssl-upstream: yes   # use with unbound versions < 1.7; server-wide, affects all upstream queries

forward-zone:
    name: "."
    forward-first: no
    #forward-ssl-upstream: yes   # use with unbound versions >= 1.7 (per-zone alternative to ssl-upstream)
    # zurich2
    forward-addr: 80.255.7.94@853
    forward-addr: 2a01:4a0:3b::13@853
    # basel1
    forward-addr: 82.199.134.174@853
    forward-addr: 2a01:4a0:18::13@853
DNS-over-HTTPS is another beast as it allows multiple different message formats and involves more parsers and experimental code. I don't know yet whether or when we might offer DoH.
Now, is it at all useful to encrypt DNS requests from your computer to a resolver? Maybe.
In most use-cases, the only plain DNS requests not sent through the VPN tunnel are those for the VPN server name. They don't leak much information because you're going to open a connection to the resolved address, anyway.
Further requests are then sent through the tunnel and from there to a DNS resolver. Even if those requests were encrypted, the resolver still sends plaintext queries to the authoritative servers.
Also, DNS is usually only a precursor to a connection. Wherever you connect to, the DNS request is probably easy to guess.
Worse still, HTTPS might leak the hostname through SNI (although there is some talk in the IETF to obfuscate SNI in future TLS versions).