I'm not trying to achieve ad blocking; I am trying to achieve privacy and security with DNSSEC and malware filtering. Quad9 is perfect for this and is a non-profit company that I would not even compare to Cloudflare. Cloudflare is a for-profit that runs most of the web and chooses to shut down sites if they are pressured by the controlling elite. I could list many reasons to avoid Cloudflare, but they are all off topic here.
Edit: also, the auditor was KPMG, and Cloudflare paid them for it. So, third party? Yes. Independent or objective? No.
It does seem I'm putting more thought into this than most do, but with as many options as are available to do this, it only seems right to do my research, and I was hoping to find someone who uses dnscrypt: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-on-OpenWrt
I was also hoping to find someone who could compare the pros and cons of the different methods, or possibly suggest something new I had not heard of, like Oblivious DoH.
I disagree. I have been working on privacy for years now, and DNS is by far the most useful adjustment that can be made. Before, I was using my ISP with no filtering and no DNSSEC; that is bad. Now I'm learning that I can encrypt that DNS traffic and even might try anonymized DNS or Oblivious DoH, and if I can get that to work with ECH, that is a damn good improvement to my privacy and security, preventing many different types of attacks. I also use full disk encryption and secure boot with DMA protection and IOMMU and a Nitrokey with my immutable OS, Fedora Silverblue. I use Flatpaks sealed by Flatseal, I use VLANs for my security systems, I use PGP for my sensitive communications, my router is only accessible from one PC through SSH and my SSH keys are stored in my KeePassXC, I use a very hardened version of Firefox with uBlock, or LibreWolf, and I made my own WireGuard VPN on a dirt cheap VPS (thinking about switching to SPN instead). I use Tails or Tor when needed. Once I figure out DNSCrypt v2, the only thing left for me to do would be to switch to Qubes with coreboot and buy a next-gen firewall with IPS and EDR.
https://dnscrypt.info/faq/
That site breaks down the pros and cons of each. I decided that for me dnscrypt was the best, but I have not got it working yet; hopefully today I will make time to try it again.
The entire web browser development community and IEEE seem to disagree with you on this one. It's standard now on most browsers. Encrypting DNS is obviously privacy related.
I said MAC address - not IP address. Although it doesn't really matter I suppose as IP address is used to track you as well.
I still never referred to IP address. I am referring to the LAN MAC address on a computer (using macchanger). Changing your MAC address obviously helps improve your privacy, as does changing your IP. Neither is a complete solution, just one of many steps you can take.
IP address = layer 3. MAC address = layer 2.
You will never have total privacy in a system not designed for it. Historically IP/DNS and HTTP security was so bad or non-existent that these are all band-aid solutions added nearly 50 years after the fact. The good old days?
Encrypted DNS is rather related to security. Automatically sending DNS queries to a hand-picked provider without asking for consent does not assure privacy.
So yes, from a security point of view encryption is good: no bad actor will see what you're doing DNS-wise. But the upstream DNS provider may still log, track and sell your data regardless of it being sent encrypted. So from a privacy point of view it still very much depends on the provider.
But the post you linked is actually stating the same.
https://dnscrypt.info/faq/
This website made it pretty clear how much better DNSCrypt is than the rest of the options. dnscrypt-proxy 2 is the route I chose for my router. A member here, perklesimon, helped me find my mistake. I got it working now with Quad9, and I'm going to look at anonymous DNS next.
Anyone have any opinions on DNS hijacking and whether or not I should use it with dnscrypt and a VPN?
Also, do you guys turn off IPv6 at the router, or do you run it through dnscrypt or something else?
Consider using a subset of the dnscrypt public proxy servers to rotate them via the .toml rather than all your queries going through quad9. I use a subset of all out of country dnscrypt public proxies.
Be aware that anonymizing your DNS via relays will slow things down at times, significantly.
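
The setup suggested in the post above, as an added example that is not part of the original thread: a `dnscrypt-proxy.toml` fragment that pins a subset of resolvers and reaches each one through relays. Every `example-...` name is a placeholder, and the fragment assumes the stock `[sources.*]` sections for the public resolver and relay lists are left enabled.

```toml
# dnscrypt-proxy.toml fragment (added example, not from the thread).
# All 'example-...' names are placeholders: replace them with names taken
# from the resolver and relay lists that your configured sources download.

# Pin a subset of resolvers instead of sending every query to one provider.
server_names = [
    'example-resolver-a',
    'example-resolver-b',
    'example-resolver-c',
]

# Rotation between the pinned resolvers:
#   'p2'     pick randomly among the 2 fastest (the default)
#   'ph'     pick randomly among the fastest half
#   'random' pick randomly among all of them
#   'first'  always use the fastest
lb_strategy = 'ph'

[anonymized_dns]
# A query to server_name is forwarded through one of the relays in 'via'.
# The relay sees the client address but only an encrypted query; the
# resolver sees the query but only the relay's address. Choose relays
# run by a different operator than the resolver they front.
routes = [
    { server_name = 'example-resolver-a', via = ['example-relay-1', 'example-relay-2'] },
    { server_name = 'example-resolver-b', via = ['example-relay-2', 'example-relay-3'] },
    { server_name = 'example-resolver-c', via = ['example-relay-1', 'example-relay-3'] },
]

# Do not use resolvers known to be incompatible with anonymization,
# rather than falling back to contacting them directly.
skip_incompatible = true
```

A resolver listed in `server_names` without a matching entry in `routes` is queried directly, so keep the two lists in sync.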