<div dir="ltr">This is a great chance to plug DNSCrypt<div><br></div><div><a href="https://github.com/opendns/dnscrypt-proxy">https://github.com/opendns/dnscrypt-proxy</a></div><div><br></div><div>which is a simple and permanent fix for DNS privacy without any big hit on performance. It uses UDP 443 by default and picks one of OpenDNS' (or a selection of other providers') caches. I *think* its smart about location but I've not debugged (I don't have any issue with the resolution time).</div><div><br></div><div>It has one single knob (on OS X) to workaround captive portals (which does allow a MITM to forcibly downgrade security which is why I have the knob unset and deal with captive portals manually).</div><div><br></div><div>Regards,</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 5, 2015 at 11:31 AM, Ben Cooper <span dir="ltr"><<a href="mailto:ben@zeno.io" target="_blank">ben@zeno.io</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">side note: telstra block using any DNS but their on NextG as well, had to make scripts to switch off DNS settings when using telstra.</div>
<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">
<p>Alastair Waddell<br></p>
<p>Legion Internet</p>
<p>Australia</p></div></div>
</div>