Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Dnsmasq vs. dnscrypt-proxy

+0
−0

I am trying to run a DNS server on my LAN. I set it up where:

  • Dnsmasq is the "initial" server that clients see
  • Dnsmasq resolves internal domains, and handles overrides (such as if I want to block an ad domain) via its dnsmasq.conf file
  • Dnscrypt-proxy also runs on the same machine, and dnsmasq forwards "normal" queries to it
  • Dnscrypt resolves domains using its normal methods

But, does it really make sense to run two DNS services? There seems to be a lot of overlap between what they do and I'm wondering if I'm just overdoing it for no reason.

Dnscrypt provides much better DNS security and privacy than others, so I want to use it for resolving regular domains. But dnsmasq is much easier to configure so I want to use it for caching and local domains.

Dnscrypt's docs claim that it has superior caching. Maybe they mean that its cache performance is higher, but I don't really care because the number of DNS queries I generate and their load on my server is pitiful anyway. From what I've seen in the configs the dnsmasq settings for caching are much more straightforward and powerful though.

Dnscrypt also doesn't provide as much control over resolving internal domains, and its query logging has worse usability.

History
Why does this post require attention from curators or moderators?
You might want to add some details to your flag.
Why should this post be closed?

0 comment threads

0 answers

Sign up to answer this question »