by vavrusa 2474 days ago
This is interesting as a lighter alternative to DNS over Tor. Where is the padding going to be? Basic clients won't add EDNS padding by default, but intuitively there has to be padding somewhere. It reminds me of https://odns.cs.princeton.edu (I haven't seen a working implementation of that one yet). The most difficult challenge is how to present the ultimate choice - use the relay and maybe get slower Internet, or don't use the relay and maybe get tracked. What hasn't been much explored yet is using resolvers just to obtain the delegation (nobody needs to know who the client is for that), but that itself is not without problems.
2 comments

Indeed, we will need to make a choice between minimizing latency and using a relay.

But a lot of people use DNS over Tor already. For people concerned about privacy, a bit of extra latency is totally acceptable.

Anonymized DNSCrypt is lighter than Tor, has a very clear security model, and relays are less vulnerable to abuse than Tor exit nodes.

The server/relay part is going to be implemented in https://github.com/jedisct1/rust-dnscrypt-server

The underlying DNSCrypt protocol does the padding already: https://dnscrypt.info/protocol

DNS queries and responses are wrapped; they are never modified. EDNS padding is a horrible hack.

That's good, I missed that. Thanks for highlighting the project, I'll keep an eye on it!
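
The padding point discussed in this thread, as an added example that is not part of the comments or of the DNSCrypt project's code: ISO/IEC 7816-4 padding (a 0x80 byte followed by NUL bytes) is applied around an unmodified DNS message before encryption, so queries of different sizes leave the client at the same length. The 64-byte block, the 256-byte minimum and all helper names are assumptions made for this sketch, and the encryption step is omitted.

```python
import struct

BLOCK = 64           # assumed: padded length must be a multiple of 64 bytes
MIN_QUERY_LEN = 256  # assumed: initial minimum padded query length

def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a plain DNS query in wire format (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def pad(message: bytes, min_len: int = MIN_QUERY_LEN) -> bytes:
    """Append 0x80 then NUL bytes; the DNS message itself is not touched."""
    needed = max(len(message) + 1, min_len)   # +1 for the mandatory 0x80
    target = -(-needed // BLOCK) * BLOCK      # round up to a BLOCK multiple
    return message + b"\x80" + b"\x00" * (target - len(message) - 1)

def unpad(padded: bytes) -> bytes:
    """Strip trailing NULs and the 0x80 marker; reject malformed padding."""
    end = len(padded)
    while end > 0 and padded[end - 1] == 0:
        end -= 1
    if end == 0 or padded[end - 1] != 0x80:
        raise ValueError("invalid ISO/IEC 7816-4 padding")
    return padded[: end - 1]

def padded_lengths(names):
    """Return (plain length, padded length) for each constructed query."""
    return [(len(q), len(pad(q))) for q in map(build_query, names)]

if __name__ == "__main__":
    names = ["example.com", "a-much-longer-hostname.internal.example.org"]
    for name, (plain, padded) in zip(names, padded_lengths(names)):
        print(f"{name}: {plain} bytes plain, {padded} bytes padded")
    q = build_query(names[0])
    print("round trip intact:", unpad(pad(q)) == q)
```

Because the marker sits outside the DNS message, a query that itself ends in NUL or 0x80 bytes still round-trips unchanged.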