XPost: alt.windows7.general   
   From: jj4public@vfemail.net   
      
   On Wed, 1 Jan 2020 19:13:43 -0500, Mayayana wrote:   
   >   Anyone have experience with DNS over HTTPS or   
   > TLS? After trying several things I ended up with   
   > Unbound, but once I set up the config file it keeps   
   > quitting as soon as it starts. The error log has it   
   > saying "error in config file". Not much help. The   
   > config file is complex, not really documented, and   
   > samples I find online are conflicting.   
   >   
   >   Earlier I tried updating certs and IE on XP, so that   
   > I could use Acrylic, but that errors on a wininet call.   
   >   
   >   I like the idea of privacy for DNS, but the methods   
   > available seem to be immature and mainly only used by   
   > Linux admins with detailed knowledge of DNS and TLS.   
      
   The problem is likely what Char Jackson have mentioned. In short, a port   
   number can not have more than one listener. e.g. binding Acryllic and   
   Unbound to port 53 of IP 127.0.0.0. That would cause a conflict.   
      
   You can use Windows built in "Microsoft Loopback Adapter" virtual network   
   device(s) for each proxy. Then configure them and the system DNS setting   
   like a chain.   
      
   As for DNS privacy... I use DNSCrypt. It's an encrypting DNS proxy console   
   software which can use one or multiple remote DNSs (selectable; can be more   
   than two), so it provides additional layer of encryption. Remote DNSs can   
   either be unencrypted, DoH, TLS, or DNSSEC, but must be DNSCrypt compatible.   
   This makes sure that the ISP or any middle network nodes, only see encrypted   
   DNS query and response data even though unencrypted remote DNS is used.   
      
   https://github.com/DNSCrypt/dnscrypt-proxy   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)