What is your DNS setup?
>>106479494I run my own recursive resolver
pihole > dnscrypt-proxy > cloudflare
I don't remember. I just checked and I was running some DNS locally, but actually last night I shut down the VM for it. But home internet was still working... so I have no idea. Maybe browser/os cache was enough that I didn't notice?
>>106479494my own, which just recurses to cloudflare.DoH usually slips by when some fuckass ISP feels like blocking cloudflare
Ok it's back up now. PiHole > GoogleI tried AdGuard when I ran on a pi, then stopped serving and just used AdGuard DNS for awhile, but after getting my vm set up I went back to pihole.
Cloudflare. [Resolve]DNS=2606:4700:4700::1111#one.one.one.one 2606:4700:4700::1001#one.one.one.oneDNSOverTLS=yesLLMNR=noMulticastDNS=no
[Resolve]DNS=2606:4700:4700::1111#one.one.one.one 2606:4700:4700::1001#one.one.one.oneDNSOverTLS=yesLLMNR=noMulticastDNS=no
pihole into opendns
>>106479494Mullvad's "base" DNS serverhttps://mullvad.net/en/help/dns-over-https-and-dns-over-tls
>>106479494adblock.dns.mullvad.net
i just use google. the weird thing is when i visit torrent sites and fire up utorrent my internet suddenly cuts off.
>>106479802works on my machine
>>106479802Probably because utorrent has literal aidsTry qbitorrent
Quad9
base mullvad.
dns.adguard-dns.com
>>106479494I use NextDNS
I round-robin between Cloudflare, Quad9, Adguard, and Mullvad via DoH/DoTOnly use their non-filtering servers because my router runs Adguard Home to do the DNS filtering for ads and trackers
>>106479494bind to local privacy oriented provider
>>106479494Local dnscrypt-proxy on every machine, mostly standard config but with a forwarding rule to forward Tailscale domain names to its resolver.I used to run pihole but I realized it was redundant because I already had uBO deployed via enterprise policy on every machine.
Google DN, because here in Spain the goverment and LaLiga block anything from cloudflare for "anti-pirate" reasons.
The one of my isp with whatever dnsmasq does on my router.I am not a fucking idiots routing even more of my traffic to giant glowdag corpos.
>>106479494Censurfri and google.dns as a fallback, because European Utopia's dictatorship won't let you connect to the Soulseek and so on
>>106480510...over TLS, I forgot to mention, port 53 is redirected to the great firewall otherwise
>>106479802>>106480229>>106480510Google, just like that?
>>106479494adguard home running on my router
>>106479494Quad9->Open-DNS
>>106481121sum people just dgaf
>>1064794949.9.9.10:853149.112.112.10:853Accessed through TOR via personalDNSfilter.Allowing TOR nodes to resolve is a hit and miss, so this is the better choice as clumsy as it seems.
>>106481500>through TORisn't the latency crazy high
>>106481516Not as high as you're thinking. Somwhere in the 400-600 ms range so it's very usable on my end.
Why the fuck would any of you niggers use DNS over TLS
>>106481537Extra layer of privacy.
>>106479842>>106479523>>106479587>>106479734CIA/Mossad
>>106481532Not as bad as I thought indeed, expected it to be close to a full second. Does you have any special DNS cache settings to mitigate the latency or does it hit the server on most queries?
>>106481607Do you run*
>>106481607Hits it on all queries. No dns caching anywhere. For me it's better to just reload when something doesn't resolve right away (hardly ever happens) than to wait for the flush.
open.dns0.eu
>>106479771I use this but the ad blocking one.
AdGuard Home server with DoH/DoT upstreams to Quad9 and Mullvad + fallback to Cloudflare
>>106481738>fallback to Cloudflare>makes himself vulnerable to downgrade attacks by globohomo
fuck mullvad
>>106481781their DNS doesn't even work on my system, just says it's invalid.they're a joke, use controld or sb instead
>>106481781Their routing is bullshit. I'll get sent to Singapore for no reason despite being in the EU which would result in high latency like that.https://mullvad.net/en/help/dns-over-https-and-dns-over-tls lists region specific servers you can use, though idk about reliability.
when did everyone switch from pihole to adguard home anyways what happened
>>106481781>>106481987yeah i get some bs long routes sometimes with them too. had a couple of blackouts too.
>>106481987Exactly! I'm from Germany, and this works best in my systemd-resolved:DNS=185.213.155.123#de-fra-dns-001.mullvad.netRemember to set up a FallbackDNS in case of an outage.
DNS=185.213.155.123#de-fra-dns-001.mullvad.net
>>106482139About 5 years ago. The smell. I ran pihole on a pi and it kept breaking itself. Adguard Home ran much better. I assume lots of people had issues with pihole, were lured by the promise of a simpler program with better performance, and switched.
Quad9 is literally feds jfc you fucking morons
>>106482463It's known that the police operate it, so I would say the people who say they use quad9 are actually cops.
>>106482463>>106482820Is it actually fedshit or is this some reverse psychology method being used by feds (if you are them) to deter brainlets like me to keep using cloudflair?
>>106483714***Cloudflare
>>106482463Everything is until the guys running it go to jail. That's the schizo standard, and that's why you don't access these servers directly.Fed or not, it's still the most comprehensive, uncensored and reliable dns servers I've tried so far.
>>106479494My Adguard Home keeps losing connection and must be restarted after a while, this didn't happen for months after I installed it and it was stable. I updated it several times and nothing get fixed wtf
>>106483875Yeah I have this issue right now too, just stopped using it and I'll see in a few months if it resolves itself
>>106484234Last time I checked their repo I didn't find anything about this, guess I'll go with PiHole in the meantime>I'll see in a few months if it resolves itselfThis is what I was doing while thinking the next update would fix something
>>106479494Pihole > Cloudflare
>>106482463>Quad9 is literally fedsYes and? I'm not a criminal, I don't search criminal search. Not everyone is a pedophile, pedro.
postem
>>106484419Most NPC post I've read in months. kys
>>106484492Pedophile
>>106479802
>>106479494Just use a text file and paste IPs manually, are you a noob?
you guys dont run your own recursive dns resolver?
I tried running my own local dns for a while but eventually just settled for my ISP's. it's a relatively small, rural ISP not owned by any conglomerate and it seems decent enough, so it felt better than something like google or cloudfarehow would one go about measuring how bad it is anyway?
>>106479494Bind running as a recursive resolver.
>>106484419>posted by a fed or a literal saru
>>106486457Why would I waste time on that?
>>106487992It's really only worth doing if:a) You want to create and control DNS records within your local networkb) You want to block addresses and prevent them from resolving in the first place (Can also be done via a cloud provider tho)
>>106479875
>>106479494very glowing thread. im not gonna tell you by the way
I don't recall what was set up.
>>106488101>>106486579take your meds
>>106479494How much does this even do, privacy wise? Even if your ISP can't see your DNS traffic, they'll still see your HTTP traffic, right?
>>106488941What does what do?
>>106488941HTTPS alone does not cover DNS. You need to use DoT or DoH. That being said just about every modern browser uses DoH and if your operating system has secure dns setup it'll defer to that.But if your concern is your ISP / Cloudflare / Google / (Whatever DoH resolver you use) snooping on you then DoH does not fix that. DoH only prevents 3rd party observers seeing what you're doing, the endpoint (ISP, Cloudflare, etc) will still see your DNS request... as they need to in order to resolve it.So it's a matter of "who do I trust more". Your ISP (They keep logs for police if subpoenaed, I forget how long but they do). Cloudflare, Google, etc. (Spoiler: Most probably keep logs for legal reasons).Also yes, if you go to a http website your ISP, and everyone else, can snoop on it. Also even with https they can snoop on the IP destination. If you really care about full coverage for both https/http/dns you need a VPN. If you're a schizo you can probably find a VPN in some shithole that won't cooperate with the US. If you're not schizo it just gives a tiny peace of mind, but if the VPN provider keeps logs don't be surprised if they (the feds) can reconstruct what you did. Realistically if you're in that much shit you have lots of other things to worry about imo.
pihole > cloudflared doh > quad9
>>106489066Two major uk isps are keeping all dns queries but won't say why. It's a good idea to consider a secure dns these days. At the very least you should all be putting dns on max protection with a custom dns in your browser settings.
>>106489066To avoid the whole logs issue I recommend dnscrypt-proxy, it will proxy your request to one of a few dozen servers (including upstream DoH, DoT and its own DNSCrypt protocol) so your queries are spread across multiple servers. It adds redundancy in case one goes down, and even if your queries are logged they would need to get them from all providers you use to get the full picture.For snooping websites, HTTP is insecure, anyone on the wire (aka ISP) can see the full content of the webpages. For HTTPS, the content is encrypted, but they can see the IP (of course) and the hostname from the server name indication (SNI) field. Cloudflare is currently rolling out encrypted ClientHello (ECH) for all sites on their platforms, so if you use a modern browser then ISPs will no longer be able to see which site it is but that it's just a site on Cloudflare. Which is like every website nowadays.>for all the shit cloudflare gets this is actually a rare instance where one entity having control of a large number of websites lets them deploy the same generic SNI across every website and defeat censorship>a government wanting to block one site on cloudflare would have to block every site on cloudflare
>>106479802>utorrentIt's not 2009 anymore, get with the times grandpa
>>106490756what for? the downloaded files are 100% identical. i disregard your opinion of anything about computers now. you are retard, yes ?
>>106490756>>106491456transmission, neegas
>>106491460newfremd, transmission can be manipulatednobody can do anything
>>106491456>what for?Adware, bloatware, got caught more than once for adding a bitcoin miner to the client.But sure, you do you.
>>106491511i gots computer related ptsd as well, but it's from using macs. the web connects us across all operating systems, ain't that amazing? shared sufferihhhng
>>106481550This.Glowflare niggers out here shilling their shit. Kys niggers.
>>106479494unbound.
>>106479494AdguardIt just werks
