this post was submitted on 26 Sep 2023
42 points (95.7% liked)

Sysadmin

I feel kinda bad about feeding Google with data. Is there some name server I can point my servers to that upholds my privacy and does not run analytics on the requests it gets?

[–] 0v0@sopuli.xyz 37 points 1 year ago (1 children)

Quad9, a Swiss public benefit, not-for-profit foundation. Main address is 9.9.9.9.

[–] beeng@discuss.tchncs.de 5 points 1 year ago

TIL, danke!

[–] d3Xt3r@lemmy.world 19 points 1 year ago (1 children)

Mullvad's DNS. It's available for non-subscribers as well, and their privacy policy explicitly claims they do not log DNS requests in any way. https://mullvad.net/en/help/no-logging-data-policy/

They support both DoT and DoH, and also have various servers for blocking ads, trackers etc (if you wish to use them): https://github.com/mullvad/dns-blocklists

[–] kratoz29@lemm.ee 2 points 1 year ago (1 children)

I feel dumb for not using this along with my PiHole for my home, I only have 1 PiHole machine and I couldn't allow myself to set it up as main DNS so I used the default ISP as a second one in case my unit stopped working (because of experience).

[–] d3Xt3r@lemmy.world 1 points 1 year ago

Well, if you're using Mullvad's malware/ad filters etc there's really no need for a PiHole in the first place (unless you're doing some funky custom filtering).

[–] throws_lemy@lemmy.nz 10 points 1 year ago

How about dnscrypt-proxy?

Randomized DNS servers and you can use your own blocklists.

[–] eruchitanda@lemmy.world 7 points 1 year ago* (last edited 1 year ago)

Quad9 are great.

IPv4:

9.9.9.9

149.112.112.112

IPv6:

2620:fe::fe

2620:fe::9

More options.

E: looks like someone already mentioned Quad9.

[–] knobbysideup@lemm.ee 7 points 1 year ago (1 children)
[–] notabot@lemm.ee 2 points 1 year ago

This is the correct answer if you trust that your ISP isn't snooping on your traffic. Your DNS server will send unencrypted queries to the root name servers and the nameservers of the domains you search for. This traffic is easy to detect and parse, so you do need to trust your ISP, or the provider of wherever you host your DNS server.

If you don't trust your ISP to that level you'll need to trust whichever server you connect to. It's a trade off to decide which is best for your use case.

[–] possiblylinux127@lemmy.zip 6 points 1 year ago

Cloudflare at work, Quad9 at home.

Honestly at work I mostly use the upstream DNS.

[–] cmnybo@discuss.tchncs.de 6 points 1 year ago (2 children)

I use the DNS resolver in pfSense which connects directly to the DNS root servers.

[–] Stephen304@lemmy.ml 5 points 1 year ago

I do the same in OPNsense. According to dnsperfbench, running my own resolver benchmarked as slightly faster or at minimum about the same performance as using any of the big public resolvers. I think the only concern is to make sure you're not using your local resolver if you're trying to use a VPN.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago (1 children)
[–] cmnybo@discuss.tchncs.de 1 points 1 year ago (1 children)

Yes, as long as you don't have a crappy ISP that interferes with your DNS traffic.

[–] possiblylinux127@lemmy.zip 2 points 1 year ago

My ISP is crappy in other ways

[–] skookumasfrig@sopuli.xyz 4 points 1 year ago

NextDNS is good. OpenDNS used to be, but you know... Cisco.

[–] skbo@lu.skbo.net 4 points 1 year ago

Unbound seems the most secure.

[–] burgersc12@sh.itjust.works 2 points 1 year ago

Been using dnsforge.de to block ads, pretty sure they respect privacy

[–] reddthat@reddthat.com 2 points 1 year ago (1 children)

OpenNIC is my favourite, community run, lots of servers have no logs

[–] pastermil@sh.itjust.works 2 points 1 year ago (1 children)

OpenNIC is quite a hit or miss for me. How does it work for you?

[–] reddthat@reddthat.com 1 points 1 year ago (1 children)

What do you mean?

Uptime? DNS resolution speed?

I've been using them for a good 10 years, occasionally a server goes down but then you just swap them in your config.

I set them on my router which acts as the cache server as well. So after a client resolves it, no other clients have issues.

[–] pastermil@sh.itjust.works 1 points 1 year ago (1 children)

It's just that some servers I've chosen in the past had either gone down in speed or vanished completely.

[–] reddthat@reddthat.com 1 points 1 year ago

Fwiw the AU ones are working like a treat

[–] returned@sh.itjust.works 2 points 1 year ago (1 children)
[–] reddthat@reddthat.com 2 points 1 year ago (1 children)

OpenDNS is run by Cisco now, and is directly used for their proprietary anti-malware systems.

[–] returned@sh.itjust.works 1 points 11 months ago

Thanks for the info, I've started using Quad9 ever since I got fiber recently and tried a DNS benchmark tool and saw it's even faster than Cloudflare at my network

[–] awlex@fosstodon.org 2 points 1 year ago* (last edited 1 year ago) (1 children)

@Sibbo if you don't classify Cloudflare as evil, you can give their DNS at 1.1.1.1 a try

[–] MrPoopyButthole@lemmy.world 5 points 1 year ago (1 children)

You don't have to @ someone if you are replying directly to their comment or post.

[–] towerful@programming.dev 17 points 1 year ago (1 children)

The at-ing is because of federation between Lemmy instances and Mastodon instances.
It's the way discussions happen on Mastodon.

[–] awlex@fosstodon.org 4 points 1 year ago (1 children)

@towerful @MrPoopyButthole indeed. If you start a reply with the Mastodon app, it automatically adds the people you reply to.

[–] k_rol@lemmy.ca 1 points 1 year ago

Huh, the more we know

[–] Oha@lemmy.ohaa.xyz 1 points 1 year ago

Quad9

9.9.9.9