Thread replies: 36
Thread images: 5
Thread images: 5
Anonymous
Whis DNS Provider does /g/ use? 2017-03-30 12:30:29 Post No. 59653979
[Report] Image search: [Google]
Whis DNS Provider does /g/ use? 2017-03-30 12:30:29 Post No. 59653979
[Report] Image search: [Google]
I am trying to find a new DNS provider which is not logging like the one google provides.
Which service do you use or recommend?
>>
>>59653979
My own nameserver.
Which references the root name servers directly.
>>
File: opennic-logo-sm411.png (6KB, 300x125px) Image search:
[Google]
6KB, 300x125px
>>59653979
>>
I like to use CryptoStorm's swiss DNScrypt servers. Seems to work ok enough for me.
>>
>>59654012
Is openNIC logging my requests? And why do you use it?
>>
>>59654099
Maybe, I think anyone with the specs can run an opennic node. There's also dnscrypt I guess. I use it because fuck ICANN.
>>
>>59653990
Any articles detailing how to set this up?
>>
dnscrypt on top of opennic
i hope somebody comes out with a hw device with software to run your own dns/vpn server
i'm too lazy to build one
>>
Can you make encrypted requests to the root dns servers? How to protect your dns traffic from snooping?
>>
>>59654666
IS dnscrypt the best solution? I run pfsense that servers as the dns server for my network. There's no dnscrypt package for pfsense but I found a good guide for setting it up manually.
>>
>anno 2017
not using dnscrypt
>>
Can someone explain to me DNS? I don't know much honestly. Also why should I change it?
>>
>>59654741
https://forum.pfsense.org/index.php?topic=78446.0
>>
>>59654758
Google.com
>>
File: 2000px-Yandex_logo_ru.svg.png (59KB, 2000x796px) Image search:
[Google]
59KB, 2000x796px
>>59653979
Yandex.DNS
https://dns.yandex.com/
>>
>using Google
>>
>>59654666
>Can you make encrypted requests to the root dns servers?
No
>>
>>59653979
185.121.177.177
185.121.177.53
142.4.205.47
142.4.204.111
>>
>>59653979
comodo, norton, open :all are logging
>>
>>59654666
Cant encrypt the requests but you could have an external dns server on a virtual server somewhere and encrypt that to your home.
>>
>>59654774
>Russia
the enemy of your enemy is not your friend, anon
>>
8.8.8.8 8.8.4.4
it just werks
>>
OpenDNS
>>
>>59656845
I think it's fine (:
>>
>>59656869
so does nsa.gov
>>
I use dnscrypt with the opendns servers
how do I switch them to something else in the csv
why do I have to run dns-fix and restart dnscrypt every time I boot up?
>>
>>59653979
Stupid question, but does it realy matter which DNS server you use? If your ISP is logging your browsing data will it matter where you resolve names to IPs?
>>
>>59657419
One, if you use a VPN then your ISP can't see what IPs you connect to - beyond one address in a datacenter somewhere.
Two, even if you don't use a VPN, DNS is the preferred point for ISP spying and interference because by default its in plain text and goes to a server the ISP controls. That's a much easier and more precise way to collect data than monitoring IPs that you connect to. Remember one IP doesn't necessarily equal one site. Load balancers and CDNs among other things get in the way of that one-to-one relationship.
If DNS traffic is in plain unauthenticated text, an ISP can easily spoof it, too. They can just hijack your DNS traffic, even if you're using a server other than theirs, and do what they want with it. You wouldn't have a way to either detect or stop this. DNSSec authenticates but doesn't encrypt DNS queries, which would let the ISP monitor them but not alter them. DNSCrypt actually encrypts them, shutting down both tampering and monitoring.
>>
>>59653979
If you have your own box .. setup named and resolve yourself.
>>59654666
You could use Tor from torproject.
>>59657419
It totally matters, depending on country. Norway censors a lot of websites, "torrent" sites is their main excuse but they censor all sorts of political content too. When I was there and checked the ISP only lied on their own default DNS servers.
I suspect a lot of logging and monitoring is also done by just at DNS servers. I know it sounds stupid but it works for the vast majority who don't know what a DNS server is.
>>
>>59657729
>>I suspect a lot of logging and monitoring is also done by just at DNS servers. I know it sounds stupid but it works for the vast majority who don't know what a DNS server is.
Happened in Turkey a while back. The government tried to block access to a lot of social media sites while protests were going on. It was done with DNS, there were pictures in the news of graffiti saying "change your DNS to 8.8.8.8"
DNS-based blocking is simple, fast, and easy for an ISP to do. You could do it by IP, but then you're fucking with routing, and that's both more difficult and runs a higher risk of breaking other things. It's also defeatable, with VPNs, proxies, etc.
>>
>>59654603
Maybe use a raspberry?
>>
I use Google's DNS
>>
>>59653979
https://dnscrypt.org/
http://thesimplecomputer.info/a-list-of-dns-service-providers
check fastest with
https://www.grc.com/dns/benchmark.htm
>>
>>59653979
OpenDNS.
>>
>>59658002
I can run DNSCrypt with every DNS provider that supports it, right?
Would it be worth running my own on a raspberry or some other low power device?
>>
On a related note...
Would it be possible to replace my cisco botnet cable modem, that I got from my ISP, with some kind of gateway device that would send the cable signal directly to my pfsense router?
Thread posts: 36
Thread images: 5
Thread images: 5