I read a bit about using a different DNS for Privacy and I think the best one should be quad9? Or is there anything better except self hosting a DNS?

  • terribleplan@lemmy.nrd.li
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    If my threat model realistically involved TLAs or other state-sponsored actors I would not be advertising what I do or do not know on a public forum such as Lemmy, haha.

    This conversation was in the conext of running Unbound, which is a recursive resolver and AFAIK DNS “encryption” isn’t a thing in a way that helps in this scenario… DoH, DoT, and DNSCrypt are all only concerned/deployed by recursive servers, meaning unbound isn’t using those. DNSSEC only provides authentication (preventing tampering) of the response, not any sort of encryption/hiding.

    • eleitl
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I’m also running unbound on my opnsense, configured to use root DNS servers. Don’t recall what exactly is enabled.

      Yours is a good point why I should run all my traffic through a Wireguard tunnel to my dedicated server, so that my ISP is out of the loop.