DNSCrypt vs DoH


Not strictly a SUSE question but I am looking at secure DNS lookups and it seems there are two significant protocols: DoH (DNS over HTTPS) and DNSCrypt. I am trying to work out the differences and various merits. It seems that HoT looks like HTTPS traffic so is very unlikely to get blocked. I would like to know anything more.


As in many cases Wikipedia is always a good starting point:


Or the DNSCrypt-proxy homepage




Thanks for the links. What I am kind of looking for people’s actual experiences and feedback at setting up any of the encrypted DNS services. What went well, what didn’t and what they might do differently.

Well, all i can say is i have DNSCrypt-proxy installed on my NAS and use it as lokal DNS-Server in my LAN (for about 4 years now). The setup was straight forward. The DNSCrypt-proxy home page provided all the information needed to get things going.

All my Firefox installations (openSUSE, Android, MS Windows) are set up to use DoH (with my preferred DNS-provider). And my Laptop (openSUSE Tumbleweed) has DNSCrypt-proxy installed as well (in case i am travelling).

So far i never discovered any problem with my setups. However i have no experience with working behind captive portals or using VPNs or Tor-network.

Sorry for being not very specific. But if you have any specific problem with using DNSCrypt-proxy please ask …



Thanks, that is very useful feedback. Think I am now going to add DNSCrypt Proxy with DoH as an Upstream DNS to my PiHole VM.