I was wondering if ever RouterOS will support DNSCrypt or DNS over TLS ?
There were quite a lot of topics in the past but nothing really conclusive.
Re: Secure DNS client
Call me hopeless optimist, but I think it will. They might be waiting for best one to win.
Re: Secure DNS client
With the recent posts about 1.1.1.1 and both DNS over TLS and HTTPS, I was actually disappointed that I could not invoke them on the Mikrotik already.
It seems others already have................... https://www.chameth.com/2017/12/17/dns- ... uter-lite/
It seems others already have................... https://www.chameth.com/2017/12/17/dns- ... uter-lite/
Re: Secure DNS client
At MikroTik, they do things differently. They're not so much for novelties and one of the reasons is that they tend to implement things themselves.
At first sight, it's reinveting the wheel and the question "why?!" suggests itself. But different implementations are good. If there was only one DNS software, one critical bug could bring down almost the whole internet. Different implementations are likely to not have exactly the same problems (unless it's problem in specification). Also, if you have your own code, you probably know it better than someone else's, so you're more in control. That was on the plus side. Unfortunately, it also means that when you don't have enough manpower to do it properly, your implementation easily ends up with only basic features and a lot of important stuff is missing.
DNS in RouterOS is one example, it can't do anything over the bare minimum. Others who are more for opensource can simply grab latest Unbound or something and enjoy DNS over TCP, DNSSEC, etc. Another example is OpenVPN, others use official source and have everything. RouterOS has own implementation with half of features missing, users are begging for them for last ten years(!) and still nothing happens. And because RouterOS is closed and you can't install anything yourself, only MikroTik can do something about it, nobody else. I understand their worries about support becoming even worse nightmare than it must be now, if they allowed to install custom software on router, when they can't deliver full-featured stuff themselves. But it might be worth it, because it would remove many limitations and make users more happy.
Oh well, I went little OT...
At first sight, it's reinveting the wheel and the question "why?!" suggests itself. But different implementations are good. If there was only one DNS software, one critical bug could bring down almost the whole internet. Different implementations are likely to not have exactly the same problems (unless it's problem in specification). Also, if you have your own code, you probably know it better than someone else's, so you're more in control. That was on the plus side. Unfortunately, it also means that when you don't have enough manpower to do it properly, your implementation easily ends up with only basic features and a lot of important stuff is missing.
DNS in RouterOS is one example, it can't do anything over the bare minimum. Others who are more for opensource can simply grab latest Unbound or something and enjoy DNS over TCP, DNSSEC, etc. Another example is OpenVPN, others use official source and have everything. RouterOS has own implementation with half of features missing, users are begging for them for last ten years(!) and still nothing happens. And because RouterOS is closed and you can't install anything yourself, only MikroTik can do something about it, nobody else. I understand their worries about support becoming even worse nightmare than it must be now, if they allowed to install custom software on router, when they can't deliver full-featured stuff themselves. But it might be worth it, because it would remove many limitations and make users more happy.
Oh well, I went little OT...