mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-27 14:12:09 +00:00

New note: choosing an encrypted dns proto

Rohan Kumar 2023-11-18 19:30:46 -08:00
parent 2e78097035
commit 3c59f28acc
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479


@ -0,0 +1,15 @@
---
title: "Choosing an encrypted DNS protocol"
date: 2023-11-18T19:30:46-07:00
---
The three most popular DNS protocols with transit encryption are DNS-over-HTTPS (<abbr>DoH</abbr>), DNS-over-TLS (<abbr>DoT</abbr>), and DNS-over-QUIC (<abbr>DoQ</abbr>). This should help you choose what to use:
1. Do you actually need to override OS DNS support? If not, or if you're unsure, go to 6.
2. Are you ready to implement DNS protocols correctly, or add a dependency that does so? If you're not, go to 5.
3. Does the network filter DNS traffic? If it does, go to 5.
4. Do you already have QUIC support? If not, **use DoT.** If you do, **use DoQ.**
5. Do you have an HTTPS stack? If you do, **use DoH**.
6. Give up and **delegate to the OS**.
Let your HTTPS stack handle HTTP/1.1 vs. HTTP/2 vs. HTTP/3 support; don't treat DNS-over-HTTP/3 as a separate protocol. I don't know enough about DNSCrypt to make an informed recommendation about it, but DoQ and DoH meet my needs well enough.
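
Review bot: Step 5 of the list has no "no" branch. Steps 2 and 3 both send the reader to 5, but 5 only says what to do when an HTTPS stack exists, so a reader without one has to infer that they fall through to 6. Suggest spelling it out, for example: "5. Do you have an HTTPS stack? If you do, **use DoH**. If not, go to 6." Separately, the front matter `date` carries the offset -07:00 while the commit timestamp shown on this page is 19:30:46 -08:00 on the same day; if the two are meant to be the same instant, the front matter offset should be -08:00.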