Which DNS protocol should I use?

  • DNSCrypt
  • DoH
  • DoT
  • Relay
  • Plain
  • Please add more if you know.

I use YogaDNS on Windows.


DNSSEC isn’t something you can choose. I would recommend DNS over TLS, and don’t use YogaDNS.

recommend DNS over TLS

Do you mean DoT?

don’t use YogaDNS

Can you tell me why?

I use NextDNS too.

Yoga is based in Russia and the app isn’t open source. Use Unbound or Stubby.

DNSSEC is not a protocol; it’s more like an add-on for security, and yes, you have to use it.

DNSCrypt, DoH, and DoT are all almost the same.

Also, my recommendation: use dnscrypt-proxy :stuck_out_tongue:

As mentioned by the others, you confound things.

  • DNSSEC is a set of specifications to provide authenticity and integrity of DNS records. This means your DNS resolver can cryptographically prove that the DNS records it got are unchanged and authentic.
  • DNSCrypt/DoH/DoT are different approaches to provide confidentiality and integrity for DNS records. This means a third party can’t easily see what is sent between you and your DNS resolver.
  • The last two options (relay, plain) are obviously not related to security or privacy.

So, what should you do?

  • Look for a DNS resolver that supports DNSSEC.
  • Use either DoT (DNS-over-TLS) or DoH (DNS-over-HTTPS) to communicate with your DNS resolver.

In early 2019, we wrote a comprehensive blog article about DNS: https://infosec-handbook.eu/blog/hns5-dns-configuration/
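
One way to check the first recommendation in the post above (does the resolver actually validate DNSSEC?), as an added example that is not part of the original post. It builds a query with the EDNS0 DO bit set and reads the AD flag from the reply header; the function names and the sample replies are constructed for illustration.

```python
import struct

DO_BIT = 0x8000  # EDNS0 "DNSSEC OK" flag in the OPT record (RFC 3225)
AD_BIT = 0x0020  # "Authenticated Data" flag in the DNS header (RFC 4035)

def build_query(name, qtype=1, txid=0x1234):
    """Wire-format query: RD set, plus an EDNS0 OPT record with DO set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = extended RCODE / version / flags, RDLENGTH 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO_BIT, 0)
    return header + question + opt

def dnssec_status(response, txid=0x1234):
    """Classify a resolver's reply from its 12-byte header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not (flags & 0x8000):  # ID mismatch or QR bit clear
        raise ValueError("not a response to our query")
    if (flags & 0x000F) == 2:
        # SERVFAIL is what a validating resolver returns for a bogus
        # signature; it can also have unrelated causes.
        return "servfail"
    # AD is only the resolver's claim. A stub can rely on it only when the
    # path to the resolver is protected, which is what DoT/DoH provide.
    return "validated" if flags & AD_BIT else "unvalidated"

# Constructed header-only replies (not captured traffic).
SAMPLES = {
    "signed zone, validating resolver": struct.pack("!HHHHHH", 0x1234, 0x81A0, 0, 0, 0, 0),
    "signed zone, non-validating resolver": struct.pack("!HHHHHH", 0x1234, 0x8180, 0, 0, 0, 0),
    "broken signature, validating resolver": struct.pack("!HHHHHH", 0x1234, 0x8182, 0, 0, 0, 0),
}

if __name__ == "__main__":
    print(build_query("example.com").hex())
    for label, reply in SAMPLES.items():
        print(f"{label}: {dnssec_status(reply)}")
```
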


I personally recommend dnscrypt-proxy as well. I have it set up on a spare PC as the first DNS server in my router so all devices use it. I tried Unbound with Stubby but found it very unstable on macOS. Maybe on Linux it’s better. I am also trying NextDNS on one device.

I used NextDNS 2 months ago and I just got YogaDNS from their setup guide.

Those technical terms (DNSSEC, DNSCrypt, DoH, DoT, Relay, Plain) are from there.

Thanks @infosechandbook for your link.

Thank you all for your support.
