this post was submitted on 11 Nov 2023
71 points (96.1% liked)

Technology

59174 readers
3700 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Im looking for a dns that doesnt spy on me as much as google's dns server.

all 28 comments
sorted by: hot top controversial new old
[–] [email protected] 39 points 1 year ago (3 children)

Mullvad recently announced a free encrypted DNS. It can block ads and malware too.

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

[–] [email protected] 2 points 1 year ago (1 children)

Awesome, I didn't know about this. I love Mullvad.

[–] [email protected] 2 points 1 year ago

I don't think you need that if you already use their VPN, as that already connects to their DNS servers.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (3 children)

im having trouble setting it up. when i enter the ip into the dns slot in my network settings it does not work.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

That’s the unencrypted DNS version. The adblocking will work but your queries won’t be encrypted. You’ll either have to configure it on your browser, or configure system-resolved like what is written in the article that was posted.

Other options are Aha DNS and Control D.

[–] [email protected] 2 points 1 year ago

If your distro makes use of systemd, just use resolved: https://wiki.archlinux.org/title/Systemd-resolved#Manually

[–] [email protected] 1 points 1 year ago (1 children)

Adguard also offers free public DNS. I've used it since discovering that cloudflare blackholes archive.org and all similar sites.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

You're probably confusing archive.org (The Internet Archive non-profit organization), which works with cloudflare dns, with archive.is (alternate domain for archive.today website snapshot service, commonly used to bypass paywalled articles), which don't work on cloudflare but it's due to its owner's decision, not cloudflare's fault. The gist is archive.is uses dns-based load balancer and CDN, which requires EDNS Client Subnet to determine the closest servers to serve the request. But Cloudflare disable EDNS Client Subnet on ther DNS service for privacy reason which seems to piss archive.is owner so much they blocked cloudflare dns.

[–] [email protected] 26 points 1 year ago (1 children)

Run a Pi-hole with Unbound

[–] [email protected] 3 points 1 year ago

Seriously, can vouch for this. Pi-hole is great!

[–] [email protected] 20 points 1 year ago* (last edited 1 year ago)

I’ve been using Quad9 and I’m happy with it. Here’s the site if you’re interested in looking into it further.

Quad9

Mullvad is another great option that’s already been mentioned.

[–] [email protected] 13 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 4 points 1 year ago

This coupled with pihole is great! The pihole docs even have setup for unbound and it’s really easy to follow.

[–] [email protected] 11 points 1 year ago

NextDNS.

You can control if you want logs or not, where to store them, for how long, which domains to block, which encryption protocol will be used, and many more features.

[–] [email protected] 11 points 1 year ago

Honest question, what's wrong with cloudflare?

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 3 points 1 year ago (1 children)

Mullvad is a better option

[–] [email protected] 3 points 1 year ago
[–] [email protected] 8 points 1 year ago

Here are two resources for privacy-oriented DNS:

  1. The provider list for the https-dns-proxy module of OpenWRT: https://github.com/stangri/source.openwrt.melmac.net/tree/master/luci-app-https-dns-proxy/root/usr/share/https-dns-proxy/providers
  2. Privacy-oriented European public DNS services: https://european-alternatives.eu/category/public-dns
[–] [email protected] 5 points 1 year ago

Adguard has a quite comprehensive list of known DNS providers in their documentation. It's very useful because my ISP transparently redirect all dns queries on port 53, so I'll have to find DNS providers that listen on alternate ports for my upstream DNS in my Adguard instance.

[–] [email protected] 5 points 1 year ago

If you have the skill to implement Pi Hole is the best option. If not MullvadDNS is a solid option but if you want a granular control over your DNS queries no doubt NextDNS.

[–] [email protected] 4 points 1 year ago
[–] [email protected] 3 points 1 year ago

In case you are unaware, make sure to override DNS on any web browsers or other programs that might be skipping OS configured DNS servers to use hard-coded DNS over HTTPS servers.

If you're running your own DNS resolver you can hint this to some applications in your network via a canary domain

[–] [email protected] 3 points 1 year ago

Adguard has an encrypted dns

[–] [email protected] 2 points 1 year ago

If you are in Europe, try dns0: https://www.dns0.eu/

[–] [email protected] 1 points 1 year ago

I'm shilling for controld.com and I will die on this hill.

[–] [email protected] 1 points 1 year ago