Have you considered that it's possible to be tracked through

>>55989354
I didn't set up my own DNS server, but I did tell my router that it should hand out one of four OpenNIC IPs to clients as a DNS server, instead of using the one my ISP provides.

I would like to set up DNSCrypt but I'm not smart enough to make pfSense do that.

>>55989390
If you're smart enough to set up pfSense, you can easily do DNSCrypt. What are you confused by? Maybe I can help.

>>55989470
>If you're smart enough to set up pfSense
well, I'm really not. I can (kinda sorta) drive a Linux system, but I have no experience with the BSD that pfSense is built on. I looked into it and found that you can't use pfSense's neat little web interface to do this, you have to drop to a command line and set it up yourself. I've seen some people post that they did it, but apparently it's specific to a given version of pfSense, upgrade and you'll have to fix things.

And I mean shit, I don't even understand subnetting, I just run pfSense because I'm able to follow a guide on the internet with screenshots. I don't even use any of the real advanced stuff, I just wanted something that's receiving security support (since my cheap wireless router hadn't had a firmware update in five years and that was making me nervous)

>>55989533
I see.
If you're ever interested in running your own DNS server, there are lot's of good guides around, such as this one: https://calomel.org/unbound_dns.html

>>55989590
I remember looking at doing that and concluding I couldn't, guess I'll look again, that was some time ago

File: 1452574980503.png (87KB, 297x333px) Image search: [Google]

87KB, 297x333px

>using DNS
>not memorizing IPs and ports to your favorite sites

>>55990015
Good luck browsing virtual hosts that way.

File: Yuri.png (42KB, 318x470px) Image search: [Google]

42KB, 318x470px

>>55990261
That's what the /etc/hosts file is for. Nobody needs the DNS jew.

>>55990261
telnet 104.16.66.203 80
GET /g/catalog.json HTTP/1.1
Host: boards.4chan.org

Boom instant vhost support

>>55989354
>someone who is conscious to current issues surrounding privacy and computer security

so you like cp

>run your own dns server
>increase your attack surface by numerous factors
>still very possible to track your dns requests
>more secure

use dnscrypt or a hosts file, dummy. you must be the "run your own email server for security" troll who screwed hillary clinton.

>>55991132
Yeah, DNSCrypt is the only way to go.

You have to trust the server of course, but at least your ISP/NSA can't see the requests.

I only visit sites with no or generic PTRs myself ;^) This stops the reverse lookups from IP address.

Fedora tipped.

>>55991132
>Deny all public IPs and only allow a small portion of your local subnet
Wouldn't this close the vector to exterior threats?

Also, doesn't DNSCrypt work by encrypting the traffic between the host and resolver? What's the point of that if all DNS traffic is on the local network? I mean, you could implement it regardless but it seems like overkill to me.

>>55993299
DNSCrypt acts as a local DNS server which forwards queries to an online server through encryption

OpenBSD runs my DNS stack with dnscrypt+sec it's really easy to setup.
Keep it simple.

>>55993299

you do not understand how dns resolution works irl

File: Screen Shot 2016-08-09 at 10.26.13 AM.png (916KB, 3360x2100px) Image search: [Google]

916KB, 3360x2100px

>>55991132
>Not putting your DNS server behind NAT
why are you even commenting?

>>55995648
>thinks NAT is security
NAT is just a hack and it isn't about security.

>>55995445
How does it work then?

I don't have a fancy router so i just use some domains from opennic.

>>55995909
>I dont understand how NAT works

This is not neo /g/

>>55989354

This is why Tor is concerned with DNS lookups that don't go over the Tor network. Running your own DNS server won't protect you.. it needs to go over a VPN or something like Tor. Also, for a home DNS server something like dnsmasq is easy to setup.

File: baitrick.jpg (13KB, 308x308px) Image search: [Google]

13KB, 308x308px

>>55999849
>dnsmasq

>>55996307
Any reason not to use OpenNIC?

File: 1447721874163.jpg (13KB, 350x525px) Image search: [Google]

13KB, 350x525px

>>55999929
Basically it boils down to whether you trust the IANA or OpenNIC with your queries.