this post was submitted on 30 Jun 2023
39 points (97.6% liked)

Privacy

32115 readers
869 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I read a bit about using a different DNS for Privacy and I think the best one should be quad9? Or is there anything better except self hosting a DNS?

you are viewing a single comment's thread
view the rest of the comments
[–] eleitl@lemmy.ml 2 points 1 year ago (1 children)

You run a local resolver for your household and enable DNS encryption where supported. Using a VPN for everything removes your ISP from the loop. It's a matter of privacy layers and your threat model. If you want to play with TLAs you'll need to try way harder.

[–] terribleplan@lemmy.nrd.li 2 points 1 year ago (1 children)

If my threat model realistically involved TLAs or other state-sponsored actors I would not be advertising what I do or do not know on a public forum such as Lemmy, haha.

This conversation was in the conext of running Unbound, which is a recursive resolver and AFAIK DNS "encryption" isn't a thing in a way that helps in this scenario... DoH, DoT, and DNSCrypt are all only concerned/deployed by recursive servers, meaning unbound isn't using those. DNSSEC only provides authentication (preventing tampering) of the response, not any sort of encryption/hiding.

[–] eleitl@lemmy.ml 1 points 1 year ago

I'm also running unbound on my opnsense, configured to use root DNS servers. Don't recall what exactly is enabled.

Yours is a good point why I should run all my traffic through a Wireguard tunnel to my dedicated server, so that my ISP is out of the loop.