What, if any, Public DNS is preferred?
-
quad9, blahdns, dnscry.pt, ibksturm, koki, litepay.ch serbica
-
No. I don't use DoH inside my network because I redirect DNS traffic on my primary VLAN to a pihole for ad and malware reducing. But I also control what has access to that VLAN pretty strictly. I have another VLAN for guests and untrusted devices that doesn't use the redirecting, but does use the Unbound server as the default DNS, just doesn't enforce it. And I have an even more locked down VLAN for self-hosted servers that also doesn't use the pihole, but does use Unbound.
-
Thanks for the correction, that was a typo based on a long work day screwing with my brain processing acronyms. I meant to say DNS over TLS or DNS over HTTPS.
-
Yeah fair. I tried setting it up, but honestly probably not worth the effort in home networks. Problem is browsers don't know that the other end of the unbound DNS server is DoH, so it won't use ECH. Even once set up, most browsers need to be manually configured to use the local DoH server. Once there's better OS support and auto config via DDR and/or DNR it'll be more worth bothering with.
-
Light + TIF: https://sky.rethinkdns.com/1:AAkACAQA
Normal + TIF: https://sky.rethinkdns.com/1:AAkACAgA
Pro + TIF: https://sky.rethinkdns.com/1:AAoACBAA
Pro plus + TIF: https://sky.rethinkdns.com/1:AAoACAgA
Ultimate + TIF: https://sky.rethinkdns.com/1:gAgACABA
Light + TIF: https://dns.dnswarden.com/00000000000000000000048
Normal + TIF: https://dns.dnswarden.com/00000000000000000000028
Pro + TIF: https://dns.dnswarden.com/00000000000000000000018
Pro plus + TIF: https://dns.dnswarden.com/0000000000000000000000o
Ultimate + TIF: https://dns.dnswarden.com/0000000000000000000000804
Light: https://freedns.controld.com/x-hagezi-light
Normal: https://freedns.controld.com/x-hagezi-normal
Pro: https://freedns.controld.com/x-hagezi-pro
Pro plus: https://freedns.controld.com/x-hagezi-proplus
Ultimate: https://freedns.controld.com/x-hagezi-ultimate
TIF: https://freedns.controld.com/x-hagezi-tif
Rethink DNS, DNS Warden, and ControlD with Hagezi blocklists via DoH/3. I highly recommend the '+ TIF' as they are threat intelligence feeds which are up to date lists of bad actors/malware.
-
You can run Unbound with PiHole, that way its upstream is root servers instead of a single site.
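As an added illustration (not the commenter's own config), a minimal unbound.conf for the setup described: Unbound listens on localhost as a full recursive resolver and Pi-hole is pointed at 127.0.0.1#5335 as its only upstream. The port and the root-hints/trust-anchor paths are assumptions.

```conf
# Added example: Unbound as a local recursive resolver behind Pi-hole.
# Assumed layout: Unbound and Pi-hole on the same host, Pi-hole's upstream
# set to 127.0.0.1#5335. No forward-zone is defined, so every query is
# resolved by walking down from the root servers instead of going to one provider.
server:
    verbosity: 0
    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    do-ip6: no

    # Only the local Pi-hole may query this instance.
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Recursion starts from the root; the hints file path is assumed
    # (populate it from https://www.internic.net/domain/named.root).
    root-hints: "/var/lib/unbound/root.hints"

    # DNSSEC validation so forged answers from the tree are rejected.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-referral-path: yes

    # Send only the minimal name to each authoritative server (privacy).
    qname-minimisation: yes

    # Keep UDP responses below the common fragmentation threshold.
    edns-buffer-size: 1232

    # Refresh popular records before they expire.
    prefetch: yes
    prefetch-key: yes
    num-threads: 1

    # Drop private-range answers coming from public zones (rebinding protection);
    # local host names are served by Pi-hole itself, not by this resolver.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
```

Validate with `unbound-checkconf`, then confirm that `dig @127.0.0.1 -p 5335 example.com` returns an answer with the AD flag set, which shows the recursion and DNSSEC validation are working before Pi-hole is switched over.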
-
Go directly to the root.
-
But at that point pihole is just a fancy web interface with some nice looking but for most purposes useless graphs. I just let Unbound filter stuff with the same filter lists pihole would use.
-
NextDNS has the ability to change the logging region to one that's outside your government's jurisdiction.
-
You are suggesting trackers
-
I use 1.1.1.1 as my DNS because I don't forget it. Should I not be?
-
Quad9 (9.9.9.9) is my go to.
This tool is great for figuring out which one is the fastest for you: https://www.grc.com/dns/benchmark.htm
-
True, but there's use in the UI, i.e. manual blocking/unblocking is simplified. Some use it for DHCP, too.
-
The question to ask yourself is: why is Cloudflare offering that service for free? Probably because they get something out of it, like analysing the data.