What, if any, Public DNS is preferred?
-
[email protected]replied to [email protected] last edited by
Controld.com. I use their free version that blocks ads and online tracking and malware.
-
[email protected]replied to [email protected] last edited by
Adguard DNS, so I can block ads in my entire house without having to invest in a PiHole. dns.adguard-dns.com More IPs
-
[email protected]replied to [email protected] last edited by
Check out PrivacyGuides. They have recommendations for DNS including what others have commented
-
[email protected]replied to [email protected] last edited by
I've been using Adguard public DNS for over a year across my LAN and it works great, with much less hassle than a pihole, which I previously used for years.
I miss the ability to add random hosts to either black or white lists, but in reality only used it sporadically.
-
[email protected]replied to [email protected] last edited by
Adguard Home supports TLS, HTTPs, QUIC and other stuff natively, in case anyone reading wants to set up a pihole equivalent with less work for encrypted DNS.
https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams
-
[email protected]replied to [email protected] last edited by
I use a local unbound DNS server on my router with Quad9 as upstream. I actually have google DNS entirely blocked/rerouted on my router because google uses it for advertising tracking, but I get creepers out by targeted ads showing up in random places when I do do something on a totally unrelated site. Most important thing, though, is to use DNSSEC or DNS over HTTPS to reduce middlemen from using your DNS info to track what sites you visit and sell that data. Of course ISPs still see the destination of all of your data for tracking what sites you visit unless you use a VPN or similar tools, so you can't hide it from them that way.
-
[email protected]replied to [email protected] last edited by
What ISP do you use that makes you trust Cloudflare more than your ISP? You must really be between a rock and a hard place.
-
[email protected]replied to [email protected] last edited by
In regards to all the answers in this thread, consider: If you're not paying for it with money, then what are you paying for it with?
The most private DNS is a recursive resolver.
-
[email protected]replied to [email protected] last edited by
If you need a traditional, unencrypted DNS service, check out Quad9 and AdGuard's Public DNS. If you can use DoT or DoH, use LibreDNS or Mullvad DNS. If you want more customization, check out NextDNS.
-
[email protected]replied to [email protected] last edited by
Do you have the local unbound server respond to DoH so that the browser also uses encrypted client hello?
-
[email protected]replied to [email protected] last edited by
nextdns or mullvad?
-
[email protected]replied to [email protected] last edited by
-
[email protected]replied to [email protected] last edited by
Even DNSCrypt, but I think nobody really uses that.
-
[email protected]replied to [email protected] last edited by
DNSSEC is a means of authenticating the data receives was not tampered with, such as MITM attacks, thus ensuring data integrity. It uses PKI but it's not an alternative to DoH or DoT which encrypts the DNS traffic, either over HTTPS or TLS, providing confidentiality.
DNSSEC can be used in conjunction with DoH or DoT to achieve the Security CIA triad - Confidentiality, Integrity, Authenticity.
-
[email protected]replied to [email protected] last edited by
Why would you need cloudflared? Can't you justbset DoH/DoT servers as a backend in Pi-Hole?
-
[email protected]replied to [email protected] last edited by
Pihole doesn't directly support DOH, linked is their official guide for implementing it: using cloudflared.
-
[email protected]replied to [email protected] last edited by
I'm not all that concerned about either tbh; I was just already capturing DNS traffic and funneling it through pihole for the customizable blocking, and figured I may as well add DOH while I'm at it.
Just sharing the knowledge for those that are interested. You can use any DOH provider you like.
-
[email protected]replied to [email protected] last edited by
quad9, blahdns, dnscry.pt, ibksturm, koki, litepay.ch serbica
-
[email protected]replied to [email protected] last edited by
No. I don't use DoH inside my network because I redirect DNS traffic on my primary VLAN to a pihole for ad and malware reducing. But I also control what has access to that VLAN pretty strictly. I have another VLAN for guests and untrusted devices that doesn't use the redirecting, but does use the Unbound server as the default DNS, just doesn't enforce it. And I have an even more locked down VLAN for self-hosted servers that also doesn't use the pihole, but does use Unbound.
-
[email protected]replied to [email protected] last edited by
Thanks for the correction, that was a typo based on a long work day screwing with my brain processing acronyms. I meant to say DNS over TLS or DNS over HTTPS.
