DNS Servers

What DNS servers are you using, Holla Forums?
Plan on getting rid of Google on my VPN server.

PrivacyTools suggests CloudNS.com.au, but their certificate expired over a month ago, which doesn't inspire much confidence, and I'm not a fan of their server locations (Sydney & Canberra).

Any suggestions?

Other urls found in this thread:

opennicproject.org
github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv
calomel.org/unbound_dns.html
dns.d0wn.biz/
github.com/ipfs/examples/tree/master/examples/ipns
github.com/ipfs/specs/tree/master/iprs-interplanetary-record-system
berr.yt/h/dnscrypt-resolvers/
wikileaks.org/wiki/Alternative_DNS
simplednscrypt.org/
twitter.com/NSFWRedditImage

opennicproject.org

It's got the freedoms you crave.

Thanks user.

opennic with dnscrypt-proxy

second this
optionally with bind or unbound cache to speed things up

I run my own with bind. I use afraid.org and xname.org as free secondaries that get zone transfers from my server. Be sure to secure it if you go this route as you'll get used for amplification attacks otherwise.

Moved off of OpenNIC in favor of dnscrypt + unbound. Any way I can still support OpenNic while knowing I'm not being tracked?

Why'd you stop using OpenNIC?

github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv
they're not exclusive

Seconding unbound. There's a tutorial to get it to work with DNSSEC here: calomel.org/unbound_dns.html

Why do you need dnscrypt when you can directly contact the DNS root server with unbound (acting as an authoritative server)?

why not your isp?

Because your ISP would know and record your whole dns use (and can so share it with the government, sell it to ads company or pursue you). Moreover, the isp can just censor website at the dns level too if the government ask for it.
That's why anyone who is concerned with privacy should not use its ISP dns.

dns.d0wn.biz/

Use the random ones with DNS crypt. es brutty gud.

DECENTRALIZATION IDEA

what would be good is if you could write a program that contacts a very large number of a random variety of small time DNS servers, before actually choosing an IP to visit. that way, the power wouldn't be concentrated into one DNS server that dictates all the directions of your traffic. of course, this would be slow unless you cached these results into your own DNS server. and you'd have to harden the crap out of that server if you actually wanted it to be reliable and safe. but at least you'd be more responsible for your own DNS security, but which is only a good thing if you are very good at securing a DNS server.

having said that - what if all the small time DNS servers are just copying from the bigger and more popular DNS servers ? then the effort is moot

the whole decentralization idea might not actually give you any benefit unless the government is targeting you. and if you were a target you'd probably have a lot more work to do than this. unless perhaps the government is targeting us all... !

They don't need DNS for that. They can just track IP's that you connect to. Also if you use TOR you solve the problem of dns-tracking

Neat, I'm now using dns-crypt with the OpenNIC anycast server (fvz-anyone). I've been meaning to set up my own unbound service but I haven't had the time.


That's a cute video.

What do you think about IPFS's IPNS and IPRS?

github.com/ipfs/examples/tree/master/examples/ipns

github.com/ipfs/specs/tree/master/iprs-interplanetary-record-system

I suggest any DNS resolver here:
berr.yt/h/dnscrypt-resolvers/
Do your own research, as always.

Han Hyeri makes everything cute

wikileaks.org/wiki/Alternative_DNS

Koreans are the worst race in the orient.

That's just her look, user.

Here, have some 소원

; This file holds the information on root name servers needed to; initialize cache of Internet domain name servers; (e.g. reference this file in the "cache . "; configuration file of BIND domain name servers).;; This file is made available by InterNIC ; under anonymous FTP as; file /domain/named.cache; on server FTP.INTERNIC.NET; -OR- RS.INTERNIC.NET;; last update: December 01, 2015; related version of root zone: 2015120100;; formerly NS.INTERNIC.NET;. 3600000 NS A.ROOT-SERVERS.NET.A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30;; FORMERLY NS1.ISI.EDU;. 3600000 NS B.ROOT-SERVERS.NET.B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b;; FORMERLY C.PSI.NET;. 3600000 NS C.ROOT-SERVERS.NET.C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c;; FORMERLY TERP.UMD.EDU;. 3600000 NS D.ROOT-SERVERS.NET.D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d;; FORMERLY NS.NASA.GOV;. 3600000 NS E.ROOT-SERVERS.NET.E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10;; FORMERLY NS.ISC.ORG;. 3600000 NS F.ROOT-SERVERS.NET.F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f;; FORMERLY NS.NIC.DDN.MIL;. 3600000 NS G.ROOT-SERVERS.NET.G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4;; FORMERLY AOS.ARL.ARMY.MIL;. 3600000 NS H.ROOT-SERVERS.NET.H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53;; FORMERLY NIC.NORDU.NET;. 3600000 NS I.ROOT-SERVERS.NET.I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53;; OPERATED BY VERISIGN, INC.;. 3600000 NS J.ROOT-SERVERS.NET.J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30;; OPERATED BY RIPE NCC;. 3600000 NS K.ROOT-SERVERS.NET.K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1;; OPERATED BY ICANN;. 3600000 NS L.ROOT-SERVERS.NET.L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42;; OPERATED BY WIDE;. 3600000 NS M.ROOT-SERVERS.NET.M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35; End of file

I have bind9 running on my router. I don't really know wtf it does or how it works, but it does work.

...

I'm using dnscrypt-proxy with dnsmasq. Using DNS providers found on this chart:

github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv

Any DNS server that doesn't look too shady in SimpleDNSCrypt's list.

simplednscrypt.org/

VPN is even worse than ISP. VPN tracks all activity, also is registered to your name and credit card (ISP/internet is per home, not per person), and it also marks you as dangerous person

Legal agreements matter in this case. ISPs can and do sell your Internet history. Verizon in particular has a web proxy that logs all your landline web browsing history and sells that to human profiling firms with your name attached.

VPN is one of the few things that helps.

I've been running unbound for a while now. OpenNIC fags, how is your service?

Jesus Christ man. Kill yourself immediately

I'm noticing a lot of people that use dnscrypt-proxy + unbound in this thread. I'm using dnscrypt-proxy+dnsmasq like this user

Any major reason to switch from dnsmasq to unbound?