- 0 Posts
- 34 Comments
Looks like my answer wasn’t saved, great…
Anyway, sorry for not reading all of that, but I’ll make it short and stop discussing because I feel like this is leading nowhere.
Unless you’re using hyperlocal and cover all TLDs and wanna browse the internet there’s technically no way around but to use an online DNS server. So coming back to the privacy aspect of this topic the question is: Which one do you trust?
tl;dr: Cut out Cloudfare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.
Tell me you didn’t read the article without telling me you didn’t read the article. Let me point out the relevant part for you:
“A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data, or send a request to a root nameserver, […]”
See that last part with “or send a request to a root nameserver”? That is the DNS server on the internet your Unbound DNS server will ask if it doesn’t have the answer cached for you already.
Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…
Exactly! Since the Unbound DNS server is your server you created your middle man server yourself. “middle man” has a very negative taste but in this case it really isn’t bad at all.
It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.
Okay, so you get it but you don’t get it fully. Again: Your Unbound DNS server can’t magically know which IPs are behind a domain name. So what does it do? It asks a DNS server on the internet because they know the answer. When you Unbound DNS server got the answer it then tells your computer.
Unbound (your machine) is asking the DNS nameserver.
YES! And where do you think is the DNS server Unbound asks if it doesn’t know the answer because it’s not cached yet? It’s some server on the internet.
You’re saying you are your own middleman lol.
I said you create your own middle man. Unbound is your middle man in this case because you make it look up the IPs behind the domains and it tells your computer these IPs then.
Instead of:
<Client> –> asks –> <DNS server on the internet> –> answers –> <Client>
You do:
<Client> –> asks –> <Unbound DNS (the middle man)> –> asks –> <DNS server on the internet> –> answers –> <Unbound DNS (the middle man)> –> answers –> <Client>
Let me say it again: Your Unbound DNS server being the middle man isn’t a bad thing so please don’t think “middle man” is always a negative term.
I’m saying cut out Cloudfare’s recursive resolver and run your own via PiHole and Unbound.
I just linked Cloudflare’s article about it because they explain it well. Doesn’t mean one must use Cloudflare’s DNS servers.
Did you read the article I linked?
Yes, I did. But I knew what a recursive resolver is before I checked the link because I’m a professional IT administrator and I know how DNS works. It’s part of my job.
You don’t cut the middle man, you create the middle man with Unbound. And Unbound needs to ask other DNS servers on the internet to resolve DNS queries. Your local DNS server can’t just magically know which IP is behind a domain like for example google.com. It needs to ask other DNS servers that know the answer. So unless you’re not using hyperlocal you will always need a DNS server on the internet to browse the web.
Ooh, gotcha! Maybe this one then? I think they recently changed their design.
RethinkDNS maybe? Or maybe NextDNS?
Yes. Your DNS queries will be sent to a group of DNS servers instead of just one and they all can respond. This helps lowering the latency and improves the reliability since not just one DNS server can respond to your DNS queries. The installation page of NextDNS uses the anycast IP addressess.
Sadly Plex collects some data about its users. I remember opting out of some telemetry stuff but I can’t remember where that was. If you want a self-hosted streaming service like Plex that completely respects your privacy, Jellyfin is what you’re looking for. I tried it and it’s okay but not as good as Plex imo. But if your main focus is privacy then you should definitely check it out. It’s FOSS.
Edit:
I found where I had to opt out some data collection for Plex. Open this site, scroll halfway down the page. You’lle see two checkboxes for “Send playback data to Plex” and “Advertising Consent”.
Sounds like it’s pretty much the same as NextDNS this way. Did you ever use NextDNS? If the answer is yes: What made you go with RethinkDNS over NextDNS?
Edit: I just checked it out since it’s free. It’s probably great in combination with their app but without the app you lack a custom white- and blacklist and a query log. Means if you don’t wanna use the app then you can just manage your filter lists but that’s it. And there’s only an app for Android so it’s not very attractive to use on non-Android devices.
I used Pi-hole and AdGuard Home but they of course only work in your home LAN. So I switched to NextDNS and I’m happy (but not very happy) with it. Their DNS servers are fast and I can choose the blocklists to use myself. It also has a white- and blacklist. And the best part is that I don’t need an app on my phone to use it.
The only thing that bugs me are (feature) updates. I’ve been using it for about a year now and I think nothing has changed this entire time. Also they still offer the Energized blocklists which are dead for over a year now. It feels like the devs don’t care much about their product as long as it keeps running and people pay for it which is sad.
Depending on where you live you might just let your ISP give you a modem and you can choose the router yourself. ISPs use the TR-069 protocol which allows them to manage and administrate the router they gave you. This is probably what they did when they made the changes you mentioned. It even allows them to analyze your whole home network. Thanks to this they can spy on you if they want to. So my advice is to just get a modem from them and choose your own router because then they can’t spy on you. My advice is to use OPNsense, it’s open source.
Edit: Bridge mode + your own router so they can’t spy on your home network would also do the trick.
Also according to the arkenfox Wiki you shouldn’t bother with Decentraleyes.
The only things I can imagine here are because they had a data breach where the attackers could see the traffic of users and aggressive advertising, which is tbh just annoying. That of course doesn’t mean they’re bad in terms of their user’s privacy.
Mullvad has been visited by the police but Mullvad couldn’t deliver them what they wanted because they don’t keep data of their users. This is proof that they truly don’t keep logs. This incident alone makes me personally prefer Mullvad over NordVPN.
If you ask me then don’t bother buying them. Why? Because typing in your password to unlock your DB is still possible and afaik it cannot be turned off. Adding Yubikeys as additional option adds comfort but it’s an additional way for an intruder to unlock your DB. You want less options for an unauthorized person to unlock your DB for better security, not more.
I switched back and forth between Firefox and Chromium based browsers like Brave and Vivaldi. To be fair Firefox felt slow in comparison for a long time but that changed in the last few months. I think since about Firefox v114 I don’t feel a difference anymore and that’s why I’m using Firefox now. Best is to tell those people to try Firefox again because it recently became faster (in my experience).
Not even gonna name the source where you got that from? :P