Privacy

33294 readers

1108 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

What, if any, Public DNS is preferred? (self.privacy)

submitted 1 day ago by splintertank to c/[email protected]

31 comments fedilink hide all child comments

My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I'm guessing there's a better, more private, option?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 7 points 1 day ago* (last edited 16 hours ago) (2 children)

I use a local unbound DNS server on my router with Quad9 as upstream. I actually have google DNS entirely blocked/rerouted on my router because google uses it for advertising tracking, but I get creepers out by targeted ads showing up in random places when I do do something on a totally unrelated site. Most important thing, though, is to use ~~DNSSEC~~ DNS over TLS or DNS over HTTPS to reduce middlemen from using your DNS info to track what sites you visit and sell that data. Of course ISPs still see the destination of all of your data for tracking what sites you visit unless you use a VPN or similar tools, so you can't hide it from them that way.

Edit: DNS over TLS not DNSSEC, totally different thing...

[–] ITeeTechMonkey 2 points 1 day ago (1 children)

DNSSEC is a means of authenticating the data receives was not tampered with, such as MITM attacks, thus ensuring data integrity. It uses PKI but it's not an alternative to DoH or DoT which encrypts the DNS traffic, either over HTTPS or TLS, providing confidentiality.

DNSSEC can be used in conjunction with DoH or DoT to achieve the Security CIA triad - Confidentiality, Integrity, Authenticity.

[–] [email protected] 2 points 16 hours ago

Thanks for the correction, that was a typo based on a long work day screwing with my brain processing acronyms. I meant to say DNS over TLS or DNS over HTTPS.

[–] calamityjanitor 2 points 1 day ago (1 children)

Do you have the local unbound server respond to DoH so that the browser also uses encrypted client hello?

[–] [email protected] 2 points 16 hours ago (1 children)

No. I don't use DoH inside my network because I redirect DNS traffic on my primary VLAN to a pihole for ad and malware reducing. But I also control what has access to that VLAN pretty strictly. I have another VLAN for guests and untrusted devices that doesn't use the redirecting, but does use the Unbound server as the default DNS, just doesn't enforce it. And I have an even more locked down VLAN for self-hosted servers that also doesn't use the pihole, but does use Unbound.

[–] calamityjanitor 1 points 10 hours ago

Yeah fair. I tried setting it up, but honestly probably not worth the effort in home networks. Problem is browsers don't know that the other end of the unbound DNS server is DoH, so it won't use ECH. Even once set up, most browsers need to be manually configured to use the local DoH server. Once there's better OS support and auto config via DDR and/or DNR it'll be more worth bothering with.