Hi, so by testing out dnscrypt-prx2: the setting lb_strategy can be set to use only the first 2 DNS servers of the detected and tested servers. But if you set it to = 'ph' you get a selection among the list, but when you test with dnsleak, I also got 13 DNS servers total, while some test sites give 22. So about security, is it better to have a spread of servers instead of just 1 or 2?
Like if you set it to use unbound with only 2 fixed TLS servers, it could be the same as just fitting a custom list into dnscrypt-prx2. The latter is far superior, but given the number of DNS servers (1, 3, 6), does it make any difference? Or can having many DNS servers present somehow be less secure and prone to a way to get our main IP?
And no, the ISP is not present in the list; the DNS leak definition is not there.
Thanks
It's with the ph option. By default it's p2 and gives only 2 DNS servers. ph gives 22 DNS results in dnsleaktest. If I set the option to single, I got just 1 DNS server result.
So having 22 servers, what is the impact?
If you're referring to the p2 option in dnscrypt, it picks random servers.
## Load-balancing strategy: 'p2' (default), 'ph', 'p<n>', 'first' or 'random'
## Randomly choose 1 of the fastest 2, half, n, 1 or all live servers by latency.
## The response quality still depends on the server itself.
# lb_strategy = 'p2'
## Set to `true` to constantly try to estimate the latency of all the resolvers
## and adjust the load-balancing parameters accordingly, or to `false` to disable.
## Default is `true` that makes 'p2' `lb_strategy` work well.
Correct, it seems you're describing the setting's normal behavior.
You tell us, it seems you configured it that way. In other DNS resolver software, the first reply (i.e. the fastest response) is used anyway - I assume it's the same with dnscrypt (per the documentation above). So I ask again:
And what DNS server(s) did you configure?
(If I'm misunderstanding, apologies - please clarify using full sentences.)
So here are the settings, quite normal and with no server added. I got 21 servers reported at dnsleak.com and 6 at perfectprivacy, as their settings are different.
In the syslog, dnscrypt detects 68 live servers.
root# head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 89.233.43.71
# Interface wan
nameserver 89.233.43.71
head: /tmp/resolv.*/*: No such file or directory
-=-=-=-=-=-=- While resolv.conf.auto shows something, it's also set to be ignored by the dnscrypt setup. Network/DHCP/Resolv and host - Ignore resolve file: checked
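
The load-balancing comment quoted earlier in the thread, as an added Python sketch that is not part of any post and not dnscrypt-proxy's own code: it models how many servers each `lb_strategy` value draws from and how many distinct resolvers a leak test could then see. Uniform choice within the pool, the rounding of "half" and the probe-query counts are assumptions; 68 is the live-server count reported in the syslog above.

```python
import random

def pool_size(strategy: str, live: int) -> int:
    """Number of fastest live servers that lb_strategy selects from."""
    if live < 1:
        raise ValueError("no live servers")
    if strategy == "first":
        return 1
    if strategy == "random":
        return live
    if strategy == "ph":
        # Assumption: "half" rounds down, but never below one server.
        return max(1, live // 2)
    if strategy.startswith("p") and strategy[1:].isdigit() and int(strategy[1:]) > 0:
        return min(int(strategy[1:]), live)
    raise ValueError(f"unknown lb_strategy: {strategy!r}")

def expected_distinct(pool: int, queries: int) -> float:
    """Expected number of different servers hit by `queries` uniform picks."""
    return pool * (1 - (1 - 1 / pool) ** queries)

def observed_distinct(strategy: str, live: int, queries: int, seed: int = 0) -> int:
    """Simulate one leak test: count the distinct servers that answered."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    pool = pool_size(strategy, live)
    return len({rng.randrange(pool) for _ in range(queries)})

if __name__ == "__main__":
    LIVE = 68  # live servers reported in the syslog in this thread
    for strategy in ("first", "p2", "p6", "ph", "random"):
        pool = pool_size(strategy, LIVE)
        for queries in (6, 30, 200):  # constructed probe counts
            print(f"{strategy:>6} pool={pool:2d} queries={queries:3d} "
                  f"expected={expected_distinct(pool, queries):5.1f} "
                  f"simulated={observed_distinct(strategy, LIVE, queries)}")
```

In this model the number of resolvers a test can report is capped by the pool size and grows with the number of lookups the test makes.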