Thread 106479494

What is your DNS setup?

>>106479494 (OP)
I run my own recursive resolver

pihole > dnscrypt-proxy > cloudflare

I don't remember.

I just checked and I was running some DNS locally, but actually last night I shut down the VM for it. But home internet was still working... so I have no idea. Maybe browser/os cache was enough that I didn't notice?

>>106479494 (OP)
my own, which just recurses to cloudflare.
DoH usually slips by when some fuckass ISP feels like blocking cloudflare

Ok it's back up now. PiHole > Google
I tried AdGuard when I ran on a pi, then stopped serving and just used AdGuard DNS for awhile, but after getting my vm set up I went back to pihole.

Cloudflare.

[Resolve]
DNS=2606:4700:4700::1111#one.one.one.one 2606:4700:4700::1001#one.one.one.one
DNSOverTLS=yes
LLMNR=no
MulticastDNS=no

pihole into opendns

>>106479494 (OP)
Mullvad's "base" DNS server
https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

>>106479494 (OP)
adblock.dns.mullvad.net

i just use google. the weird thing is when i visit torrent sites and fire up utorrent my internet suddenly cuts off.

>>106479802
works on my machine

>>106479802
Probably because utorrent has literal aids
Try qbitorrent

Quad9

base mullvad.

dns.adguard-dns.com

>>106479494 (OP)
I use NextDNS

I round-robin between Cloudflare, Quad9, Adguard, and Mullvad via DoH/DoT
Only use their non-filtering servers because my router runs Adguard Home to do the DNS filtering for ads and trackers

>>106479494 (OP)
bind to local privacy oriented provider

>>106479494 (OP)
Local dnscrypt-proxy on every machine, mostly standard config but with a forwarding rule to forward Tailscale domain names to its resolver.
I used to run pihole but I realized it was redundant because I already had uBO deployed via enterprise policy on every machine.

Google DN, because here in Spain the goverment and LaLiga block anything from cloudflare for "anti-pirate" reasons.

The one of my isp with whatever dnsmasq does on my router.

I am not a fucking idiots routing even more of my traffic to giant glowdag corpos.

>>106479494 (OP)
Censurfri and google.dns as a fallback, because European Utopia's dictatorship won't let you connect to the Soulseek and so on

>>106480510
...over TLS, I forgot to mention, port 53 is redirected to the great firewall otherwise

>>106479802
>>106480229
>>106480510
Google, just like that?

>>106479494 (OP)
adguard home running on my router

>>106479494 (OP)
Quad9->Open-DNS

>>106481121
sum people just dgaf

>>106479494 (OP)
9.9.9.10:853
149.112.112.10:853

Accessed through TOR via personalDNSfilter.

Allowing TOR nodes to resolve is a hit and miss, so this is the better choice as clumsy as it seems.

>>106481500
>through TOR
isn't the latency crazy high

>>106481516
Not as high as you're thinking. Somwhere in the 400-600 ms range so it's very usable on my end.

Why the fuck would any of you niggers use DNS over TLS

>>106481537
Extra layer of privacy.

>>106479842
>>106479523
>>106479587
>>106479734
CIA/Mossad

>>106481532
Not as bad as I thought indeed, expected it to be close to a full second. Does you have any special DNS cache settings to mitigate the latency or does it hit the server on most queries?

>>106481607
Do you run*

>>106481607
Hits it on all queries. No dns caching anywhere. For me it's better to just reload when something doesn't resolve right away (hardly ever happens) than to wait for the flush.

open.dns0.eu

>>106479771
I use this but the ad blocking one.

AdGuard Home server with DoH/DoT upstreams to Quad9 and Mullvad + fallback to Cloudflare

>>106481738
>fallback to Cloudflare
>makes himself vulnerable to downgrade attacks by globohomo

fuck mullvad

>>106481781
their DNS doesn't even work on my system, just says it's invalid.
they're a joke, use controld or sb instead

>>106481781
Their routing is bullshit. I'll get sent to Singapore for no reason despite being in the EU which would result in high latency like that.
https://mullvad.net/en/help/dns-over-https-and-dns-over-tls lists region specific servers you can use, though idk about reliability.

when did everyone switch from pihole to adguard home anyways what happened

>>106481781
>>106481987
yeah i get some bs long routes sometimes with them too. had a couple of blackouts too.

>>106481987
Exactly! I'm from Germany, and this works best in my systemd-resolved:
DNS=185.213.155.123#de-fra-dns-001.mullvad.net
Remember to set up a FallbackDNS in case of an outage.

>>106482139
About 5 years ago. The smell.
I ran pihole on a pi and it kept breaking itself. Adguard Home ran much better. I assume lots of people had issues with pihole, were lured by the promise of a simpler program with better performance, and switched.

Quad9 is literally feds jfc you fucking morons

>>106482463
It's known that the police operate it, so I would say the people who say they use quad9 are actually cops.

>>106482463
>>106482820
Is it actually fedshit or is this some reverse psychology method being used by feds (if you are them) to deter brainlets like me to keep using cloudflair?

>>106483714
***Cloudflare

>>106482463
Everything is until the guys running it go to jail. That's the schizo standard, and that's why you don't access these servers directly.

Fed or not, it's still the most comprehensive, uncensored and reliable dns servers I've tried so far.

>>106479494 (OP)
My Adguard Home keeps losing connection and must be restarted after a while, this didn't happen for months after I installed it and it was stable. I updated it several times and nothing get fixed wtf

>>106483875
Yeah I have this issue right now too, just stopped using it and I'll see in a few months if it resolves itself

>>106484234
Last time I checked their repo I didn't find anything about this, guess I'll go with PiHole in the meantime

>I'll see in a few months if it resolves itself
This is what I was doing while thinking the next update would fix something

>>106479494 (OP)
Pihole > Cloudflare

>>106482463
>Quad9 is literally feds
Yes and? I'm not a criminal, I don't search criminal search. Not everyone is a pedophile, pedro.

postem

>>106484419
Most NPC post I've read in months. kys

>>106484492
Pedophile

>>106479494 (OP)
Just use a text file and paste IPs manually, are you a noob?

you guys dont run your own recursive dns resolver?

I tried running my own local dns for a while but eventually just settled for my ISP's. it's a relatively small, rural ISP not owned by any conglomerate and it seems decent enough, so it felt better than something like google or cloudfare
how would one go about measuring how bad it is anyway?

>>106479494 (OP)
Bind running as a recursive resolver.

>>106484419
>posted by a fed or a literal saru

>>106486457
Why would I waste time on that?

>>106487992
It's really only worth doing if:
a) You want to create and control DNS records within your local network
b) You want to block addresses and prevent them from resolving in the first place (Can also be done via a cloud provider tho)

>>106479494 (OP)
very glowing thread. im not gonna tell you by the way

I don't recall what was set up.

>>106488101
>>106486579
take your meds

>>106479494 (OP)
How much does this even do, privacy wise? Even if your ISP can't see your DNS traffic, they'll still see your HTTP traffic, right?

>>106488941
What does what do?

>>106488941
HTTPS alone does not cover DNS. You need to use DoT or DoH. That being said just about every modern browser uses DoH and if your operating system has secure dns setup it'll defer to that.

But if your concern is your ISP / Cloudflare / Google / (Whatever DoH resolver you use) snooping on you then DoH does not fix that. DoH only prevents 3rd party observers seeing what you're doing, the endpoint (ISP, Cloudflare, etc) will still see your DNS request... as they need to in order to resolve it.

So it's a matter of "who do I trust more". Your ISP (They keep logs for police if subpoenaed, I forget how long but they do). Cloudflare, Google, etc. (Spoiler: Most probably keep logs for legal reasons).

Also yes, if you go to a http website your ISP, and everyone else, can snoop on it. Also even with https they can snoop on the IP destination. If you really care about full coverage for both https/http/dns you need a VPN. If you're a schizo you can probably find a VPN in some shithole that won't cooperate with the US. If you're not schizo it just gives a tiny peace of mind, but if the VPN provider keeps logs don't be surprised if they (the feds) can reconstruct what you did. Realistically if you're in that much shit you have lots of other things to worry about imo.

pihole > cloudflared doh > quad9

>>106489066
Two major uk isps are keeping all dns queries but won't say why. It's a good idea to consider a secure dns these days. At the very least you should all be putting dns on max protection with a custom dns in your browser settings.

>>106489066
To avoid the whole logs issue I recommend dnscrypt-proxy, it will proxy your request to one of a few dozen servers (including upstream DoH, DoT and its own DNSCrypt protocol) so your queries are spread across multiple servers. It adds redundancy in case one goes down, and even if your queries are logged they would need to get them from all providers you use to get the full picture.

For snooping websites, HTTP is insecure, anyone on the wire (aka ISP) can see the full content of the webpages. For HTTPS, the content is encrypted, but they can see the IP (of course) and the hostname from the server name indication (SNI) field. Cloudflare is currently rolling out encrypted ClientHello (ECH) for all sites on their platforms, so if you use a modern browser then ISPs will no longer be able to see which site it is but that it's just a site on Cloudflare. Which is like every website nowadays.
>for all the shit cloudflare gets this is actually a rare instance where one entity having control of a large number of websites lets them deploy the same generic SNI across every website and defeat censorship
>a government wanting to block one site on cloudflare would have to block every site on cloudflare

>>106479802
>utorrent
It's not 2009 anymore, get with the times grandpa

>>106490756
what for? the downloaded files are 100% identical. i disregard your opinion of anything about computers now. you are retard, yes ?

>>106490756
>>106491456
transmission, neegas

>>106491460
newfremd, transmission can be manipulated

nobody can do anything

>>106491456
>what for?
Adware, bloatware, got caught more than once for adding a bitcoin miner to the client.
But sure, you do you.

>>106491511
i gots computer related ptsd as well, but it's from using macs. the web connects us across all operating systems, ain't that amazing? shared sufferihhhng

>>106481550
This.

Glowflare niggers out here shilling their shit. Kys niggers.

>>106479494 (OP)
unbound.

>>106479494 (OP)
Adguard
It just werks