
Thread 106885101

53 posts 12 images /g/
Anonymous No.106885101 [Report] >>106885122 >>106885252 >>106885308 >>106885930 >>106886344 >>106889244 >>106889793 >>106893923 >>106893927
Which dns resolver is /g/ and chud-approved? I was using quad9 until I found out it's owned by some troons.
Anonymous No.106885122 [Report] >>106885214 >>106885215
>>106885101 (OP)
>chud-approved
Are you asking for indian dns resolvers?
Anonymous No.106885214 [Report] >>106885988
>>106885122
>whatever is not troon owned is indian
we now know whos going around calling everyone- jeet
Anonymous No.106885215 [Report]
>>106885122
DO NOT RESOLVE
Anonymous No.106885252 [Report] >>106886053 >>106886484 >>106889061 >>106889110 >>106889211
>>106885101 (OP)
>if speed matters
cloudflare
>anything else
mullvad
Anonymous No.106885308 [Report]
>>106885101 (OP)
>Which dns resolver is /g/ and chud-approved?
dnscrypt
> I was using quad9 until I found out it's owned by some troons.
oh no it's much worse than that. it was created by a bunch of people involved with law enforcement. that service is just a data mine for glowniggers.
Anonymous No.106885930 [Report]
>>106885101 (OP)
obsessed
Anonymous No.106885988 [Report] >>106886044
>>106885214
It's the chinks. 80% of the time
Anonymous No.106885995 [Report] >>106892627
https://pi-hole.net/
Anonymous No.106886034 [Report]
I'm not sharing anything nice I find because you morons fuck it up
Anonymous No.106886044 [Report]
>>106885988
nah
in my experience its the tranis
jeets live rent free in their heads bc theyre legit competition to them.
theyre webshitters, community managers, this kind of easily replaceable trash
Anonymous No.106886053 [Report]
>>106885252
Which company is worse, Cloudflare or Google? I see both getting hate
Anonymous No.106886099 [Report] >>106891285
i use the one of my ISP, which is more trustworthy than either Cloudflare or Google.
Anonymous No.106886311 [Report]
i use the nextdns option in firefox. i like running the ip it uses through mtr and seeing how many dhs (yes that one) it goes through regardless of where i am in the world.
Anonymous No.106886341 [Report] >>106892749
>troon this?
>no, jeet that
>maybe chink?
this board is hopeless
Anonymous No.106886344 [Report]
>>106885101 (OP)
unbound
Anonymous No.106886442 [Report] >>106889110
Mullvad DNS or Adguard DNS
Anonymous No.106886484 [Report] >>106889211
>>106885252
>>if speed matters
Does speed really matter for a dns resolver? Like, at most it will be a few milliseconds only for the first visit right?
Anonymous No.106888994 [Report]
quad and cloudflare through dnsproxy. use 1.1.1.2 for home wifi for some basic malware filtering.
Anonymous No.106889051 [Report]
Quad9 and dns0
Anonymous No.106889061 [Report] >>106889211
>>106885252
>>if speed matters
>cloudflare
if speed matters you wouldn't use cloudflare. cloudflare strips edns information, making it impossible for non-cloudflare cdns to give you the nearest cdn based on edns. this makes non-cloudflare sites slower.
Anonymous No.106889110 [Report] >>106889236 >>106892536
>>106885252
>>106886442
mullvad dns is not a serious service.
github.com/mullvad/dns-blocklists/issues/105
Anonymous No.106889130 [Report]
For me it's adguard.
Anonymous No.106889211 [Report]
>>106885252
>>106886484
>>106889061
What makes you think speed is a metric?
Anonymous No.106889236 [Report]
>>106889110
lol'd
Anonymous No.106889244 [Report]
>>106885101 (OP)
>Which dns resolver is /g/ and chud-approved
just run unbound
Anonymous No.106889793 [Report] >>106889799 >>106891285
>>106885101 (OP)
Can someone explain the point of one of these things if the ISP is going to see you connect to whatever website after the DNS lookup anyway? Also, what happens if you're using a VPN but your ISP's DNS? Can they see the DNS lookups even though the VPN is encrypting the rest of your traffic?
Anonymous No.106889799 [Report]
>>106889793
W2C?
Anonymous No.106889838 [Report]
troons are just fallen chuds
Anonymous No.106890280 [Report]
I use the ones google chrome has under the secure dns setting. so cloudflare and google.

it's a fitting thread to ask this, does anyone know why firefox dns over https doesn't work properly? I tried using cloudflare but for some reason firefox doesn't properly use the dns you choose.
Anonymous No.106891285 [Report] >>106891390 >>106892599 >>106894724
>>106886099
>i give all my dns queries to the glowies, willingly

>>106889793
Assuming good faith providers:
HTTP: everyone sniffing can see page content, hostnames and ip addresses you connect to, even change the content travelling on your line.
HTTPS: everyone can see hostnames and ip addresses.
HTTPS + custom DNS: same as above.
HTTPS + encrypted DNS: everyone can see only ip addresses, the only entity that can read your DNS queries is your encrypted DNS provider.
VPN: nothing, but your VPN provider can see hostnames and ip addresses.
>funny captcha
Anonymous No.106891390 [Report] >>106891557 >>106891565
>>106891285
>HTTPS + encrypted DNS: everyone can see only ip addresses, the only entity that can read your DNS queries is your encrypted DNS provider.
Your ISP can still see which websites you are trying to reach during the handshake process and fuck it up so it fails.
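The handshake leak described in the post above, as an added example that is not part of the original thread: a passive parser that reads the server name out of a TLS ClientHello exactly as an on-path observer could, and notes whether an Encrypted Client Hello extension is present. The hostnames, the placeholder ECH payload and the function names are constructed for illustration; the sample records are built inline, not captured.

```python
import struct

ECH_EXT = 0xFE0D  # encrypted_client_hello extension type

def ext(etype, data):
    return struct.pack("!HH", etype, len(data)) + data

def build_client_hello(sni, ech_payload=None):
    """Constructed, minimal ClientHello record (not a real capture)."""
    name = sni.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name entry
    exts = ext(0, struct.pack("!H", len(entry)) + entry)    # server_name
    exts += ext(0x000A, b"\x00\x02\x00\x1d")                # supported_groups
    if ech_payload is not None:
        exts += ext(ECH_EXT, ech_payload)                   # opaque to observers
    body = (b"\x03\x03" + bytes(32) + b"\x00"               # version, random, session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"             # cipher suite, compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def observe(record):
    """What a passive on-path observer reads: (cleartext SNI or None, ECH present)."""
    sni, ech = None, False
    try:
        if record[0] != 0x16 or record[5] != 0x01:          # not a ClientHello
            return None, False
        p = 5 + 4 + 2 + 32                                  # headers, version, random
        p += 1 + record[p]                                  # session_id
        p += 2 + struct.unpack_from("!H", record, p)[0]     # cipher_suites
        p += 1 + record[p]                                  # compression_methods
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, p)
            data = record[p + 4:p + 4 + elen]
            if len(data) != elen:
                return None, False                          # truncated record
            if etype == 0:                                  # server_name, sent in the clear
                nlen = struct.unpack_from("!H", data, 3)[0]
                sni = data[5:5 + nlen].decode("ascii")
            elif etype == ECH_EXT:
                ech = True
            p += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None, False
    return sni, ech
```

Without ECH the observer gets the real hostname regardless of which DNS resolver was used; with ECH the cleartext SNI carries only the provider's public name and the inner hostname stays inside the encrypted extension.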
Anonymous No.106891557 [Report]
>>106891390
Just enable encrypted client hello.
Anonymous No.106891565 [Report] >>106892618
>>106891390
Not necessarily. If the website you're browsing is using a CDN like Cloudflare and you're using Encrypted SNI then all they would be able to see is encrypted traffic to a cloudflare IP.
Anonymous No.106892536 [Report]
>>106889110
i think that's just a Europe thing
Anonymous No.106892599 [Report] >>106893073
>>106891285
good-faith providers do not do deep traffic inspection.
their noc will just see you connecting to some cloudflare ips. they will not know which sites you browse.
Anonymous No.106892618 [Report] >>106893373
>>106891565
an actual attacker won't let you use encrypted sni and will downgrade you. hsts cannot save you.
Anonymous No.106892627 [Report] >>106892653
>>106885995
/thread
Anonymous No.106892653 [Report]
>>106892627
pi-hole by default is just forwarding your dns requests to google
https://docs.pi-hole.net/docker/configuration/?h=8.8.8#ftlconf_dns_upstreams-default-88888844
Anonymous No.106892749 [Report]
>>106886341
Knowledge is gained by learning to distinguish expected behaviors based on visual data. The reason we don't eat green potatoes is because someone did. As we identify the sources, we learn to avoid them.
Anonymous No.106892753 [Report]
the fuck is chud?
Anonymous No.106892766 [Report]
just run your own recursive resolver locally
dnsmasq is easy and simple
Anonymous No.106893073 [Report]
>>106892599
anyone inspecting my packets isn't doing anything in "good faith"
Anonymous No.106893373 [Report]
>>106892618
>an actual attacker
The UK government is incompetent, they will probably just do DNS filtering.
Anonymous No.106893923 [Report] >>106893936 >>106894165
>>106885101 (OP)
Host your own modular DNS resolver with either of these:
https://www.dnsdist.org/index.html
https://technitium.com/dns/
First one is great if you want something for a headless server that is pure efficiency. Other one is great if you like fancy web interfaces and stat dashboards, and don't want to type out your configs. Make it public-facing so you can use it from anywhere, and you're good to go forever. Either run it out of your house or slap it on a VPS. Just make sure you spend some time configuring iptables and/or your firewall frontend of choice. Lots of DDoS botfarms targeting DNS servers these days.
Anonymous No.106893927 [Report]
>>106885101 (OP)
install unbound on a VPS.
Anonymous No.106893936 [Report]
>>106893923
*dnsdist can be used as an extremely flexible forwarding resolver, with or without the authoritative and recursive components.
Anonymous No.106894165 [Report] >>106894243
>>106893923
>Make it public-facing so you can use it from anywhere
>Lots of DDoS botfarms targeting DNS servers these days
Yeah, no, I'd rather just VPN into my network and use whatever service I want.
Anonymous No.106894243 [Report] >>106894459
>>106894165
They're fun to deal with, and after you've successfully fended off a few, you can make sure your iptables or other firewall rules are persistent, and avoid 99.999% of them in the future. Also, latency. Nothing quite like being directly connected to a well oiled resolver running on a server that was made to be its home.
Anonymous No.106894459 [Report]
>>106894243
I'm sure it's satisfying, I just don't think it's worth the hassle doing it this way, when instead I can have secure remote access to my entire home network through a single UDP port - including self-hosted DNS.
Anonymous No.106894724 [Report] >>106894766 >>106894768
>>106891285
>HTTPS + encrypted DNS: everyone can see only ip addresses, the only entity that can read your DNS queries is your encrypted DNS provider.
So your ISP is still seeing you connect to the website's IP then, right? As I said in the original question, I guess I just don't understand the point of a custom DNS if the IPs of the websites you visit are just going to go to your ISP immediately anyway.
Am I missing something? Is there some real difference between doing a DNS lookup into connecting to an IP and just connecting to an IP?
Anonymous No.106894766 [Report]
>>106894724
I think you did miss the part where most websites these days don't have fixed IPs that you can run a reverse DNS lookup / whois on, but get their IPs dynamically allocated by CDNs.
Either way the point of custom DNS isn't really that you don't trust your ISP to not spy on you or whatever.
Anonymous No.106894768 [Report]
>>106894724
Multiple (unrelated) domains/websites can be hosted from a single IP. If the websites you're visiting are behind a CDN like Cloudflare (and you're using ECH) then adversaries wouldn't know what domain you're visiting.