Quad9, a Swiss public benefit, not-for-profit foundation. Main address is 9.9.9.9.
this post was submitted on 26 Sep 2023
42 points (95.7% liked)
Sysadmin
7467 readers
2 users here now
A community dedicated to the profession of IT Systems Administration
No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]
founded 1 year ago
MODERATORS
TIL, danke!
Mullvad's DNS. It's available for non-subscribers as well, and their privacy policy explicitly claims they do not log DNS requests in any way. https://mullvad.net/en/help/no-logging-data-policy/
They support both DoT and DoH, and also have various servers for blocking ads, trackers etc (if you wish to use them): https://github.com/mullvad/dns-blocklists
I feel dumb for not using this along with my PiHole for my home, I only have 1 PiHole machine and I couldn't allow myself to set it up as main DNS so I used the default ISP as a second one in case my unit stopped working (because of experience).
Well, if you're using Mullvad's malware/ad filters etc there's really no need for a PiHole in the first place (unless you're doing some funky custom filtering).
How about dnscrypt-proxy?
Randomized dns servers and you can use your own blocklists
Quad9 are great.
IPv4:
9.9.9.9
149.112.112.112
IPv6:
2620:fe::fe
2620:fe::9
E: looks like someone already mentioned Quad9.
My own.
This is the correct answer if you trust that your ISP isn't snooping on your traffic. Your DNS server will send unencrypted queries to the root name servers and the nameservers of the domains you search for. This traffic is easy to detect and parse, so you do need to trust your ISP, or the provider of wherever you host your DNS server.
If you don't trust your ISP to that level you'll need to trust whichever server you connect to. It's a trade off to decide which is best for your use case.
I use the DNS resolver in pfSense which connects directly to the DNS root servers.
I do the same in opnsense. According to dnsperfbench, running my own resolver benchmarked as slightly faster or at minimum about the same performance as using any of the big public resolvers. I think the only concern is to make sure you're not using your local resolver if you're trying to use a VPN.
You can do that?
Yes, as long as you don't have a crappy ISP that interferes with your DNS traffic.
My ISP is crappy in other ways
Cloudflare at work, quad9 at home.
Honestly at work I mostly use the upstream dns
NextDNS is good. OpenDNS used to be, but you know... Cisco.
@Sibbo if you don't classify cloudflare as evil, you can give their DNS at 1.1.1.1 a try
You don't have to @ someone if you are replying directly to their comment or post.
The at-ing is because of federation between Lemmy instances and mastodon instances.
It's the way discussions happen on mastodon
@towerful @MrPoopyButthole indeed. If you start a reply with the mastodon-app, it automatically adds the people you reply to.
Huh, the more we know
OpenDNS, anyone?
Open DNS is run by Cisco now. And is directly used for their proprietary anti malware systems
Thanks for the info, I've started using Quad9 ever since I got fiber recently and tried a DNS benchmark tool and saw it's even faster than Cloudflare at my network
OpenNIC is my favourite, community run, lots of servers have no logs
OpenNIC is quite a hit or miss for me. How does it work for you?
What do you mean?
Uptime? DNS resolution speed?
I've been using them for a good 10 years, occasionally a server goes down but then you just swap them in your config.
I set them on my router which acts as the cache server as well. So after a client resolves it, no other clients have issues.
It's just that some servers I've chosen in the past had either gone down in speed or vanished completely.
Fwiw the AU ones are working like a treat
Quad9
9.9.9.9