Quad9, a Swiss public benefit, not-for-profit foundation. Main address is 9.9.9.9.
this post was submitted on 26 Sep 2023
38 points (95.2% liked)
Sysadmin
10552 readers
1 users here now
A community dedicated to the profession of IT Systems Administration
No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world
founded 2 years ago
MODERATORS
TIL, danke!
Mullvad's DNS. It's available for non-subscribers as well, and their privacy policy explicitly claims they do not log DNS requests in any way. https://mullvad.net/en/help/no-logging-data-policy/
They support both DoT and DoH, and also have various servers for blocking ads, trackers etc (if you wish to use them): https://github.com/mullvad/dns-blocklists
I feel dumb for not using this along with my PiHole for my home, I only have 1 PiHole machine and I couldn't allow myself to set it up as main DNS so I used the default ISP as a second one in case my unit stopped working (because of experience).
Well, if you're using Mullvad's malware/ad filters etc there's really no need for a PiHole in the first place (unless you're doing some funky custom filtering).
How about dnscrypt-proxy?
Randomized dns servers and you can use your own blocklists
My own.
This is the correct answer if you trust that your ISP isn't snooping on your traffic. Your DNS server will send unencrypted queries to the root name servers and the nameservers of the domains you search for. This traffic is easy to detect and parse, so you do need to trust your ISP, or the provider of wherever you host your DNS server.
If you don't trust your ISP to that level you'll need to trust whichever server you connect to. It's a trade off to decide which is best for your use case.
I use the DNS resolver in pfSense which connects directly to the DNS root servers.
I do the same in opnsense. According to dnsperfbench, running my own resolver benchmarked as slightly faster or at minimum about the same performance as using any of the big public resolvers. I think the only concern is to make sure you're not using your local resolver if you're trying to use a VPN.
You can do that?
Yes, as long as you don't have a crappy ISP that interferes with your DNS traffic.
My ISP is crappy in other ways
Quad9 are great.
IPv4:
9.9.9.9
149.112.112.112
IPv6:
2620:fe::fe
2620:fe::9
E: looks like someone already mentioned Quad9.
Cloudflare at work, quad9 at home.
Honestly at work I mostly use the upstream dns
NextDNS is good. OpenDNS used to be, but you know... Cisco.
OpenNIC is my favourite, community run, lots of servers have no logs
@Sibbo if you don't classify cloudflare as evil, you can give their DNS at 1.1.1.1 a try
You don't have to @ someone if you are replying directly to their comment or post.
The at-ing is because of federation between Lemmy instances and mastodon instances.
It's the way discussions happen on mastodon
@towerful @MrPoopyButthole indeed. If you start a reply with the mastodon-app, it automatically adds the people you reply to.
Huh, the more we know
Quad9
9.9.9.9