So,
what's the news on DNS providers. The company I'm working for pushes openDNS servers to the clients.
However since being owned by cisco, openDNS is oficially a big boy now. Which makes me wonder if any data are being sold behind their backs. Any alternatives you can think of?
Install DNScrypt, then go through this list and find one you like:
https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv
>>58769292
Why would you need this laggy piece of shit if you're running VPN? 99% of their servers don't even provide DNSSEC. It security through obscurity.
>>58768581
Install unbound. Don't use forwarding mode - use root servers directly. Enable DNSSEC.
Then:
echo "nameserver 127.0.0.1" > /etc/resolv.conf
chattr +i /etc/resolv.conf
>>58769474
Fuck off with your DNSSEC shilling
https://sockpuppet.org/blog/2015/01/15/against-dnssec/
>>58769694
It's not perfect, I agree.
What do you suggest? Dnscrypt servers run by some unknown community? Where somebody could just eavesdrop your query? Even opendns is better than that. Ultimately dnssec + root servers over VPN is the least evil.
>>58770044
I meant spoofing, not eavesdropping. English isn't my first language.
>>58770044
>>58770089
yeah there's no way I'm using some random ass DNS server located halfway around the world. That's a good way to spoof attacked