Discussion about DNS Privacy
Good discussion on DNS privacy from the PiMP Discord folks:
Question for you all on VPNs: my provider doesn't have their own DNS, so I would like to ask: VPN providers, do they use their own DNS provider's DNS servers, Google's, or a third party's? What about Google being able to track from the DNS request which site you're visiting? Are you not concerned with that too much, given the fact that the data is encrypted from sender to receiver?
How many DNS requests do you think that address receives per second?
(hint: it's in the millions)
While Google could try to filter that for a list of people to watch, it's both impractical and not in Google's interest to do so.
Here is the real danger: since Google DNS is a top level domain controller, they can choose to block lookups on a given site. This action is usually taken against known bot control nodes, etc.
They don't have to filter traffic; they can just shut a site off by denying lookups for it.
The majority of DNS root machines are in the US, which means they are subject to US law. If the US decides to pass a law that requires blocking certain sites based on criteria...
In the UK, British Telecom does block sites as they see fit, which many feel is censorship.
This has almost happened in the USA: https://en.wikipedia.org/wiki/Stop_Online_Piracy_Act
Stop Online Piracy Act
The Stop Online Piracy Act (SOPA) was a controversial United States bill introduced by U.S. Representative Lamar S. Smith (R-TX) to expand the ability of U.S. law enforcement to combat online copyright infringement and online trafficking in counterfeit goods.
Yes, I read on my app that Google is releasing the Intra app for secure DNS requests on older Androids, version 8 and backwards
and also ESNI... Interesting times.
Bottom line: you are likely safe using google dns as a default for almost any activity. However, if you are concerned about potential hazards from google (via US law or whatever), you can use a DNS root located in your country of choice.
ESNI is interesting; it neatly solves a problem the internet has had for a while and it uses the same idea as mail SPF records. But instead of a record listing authorized mail servers, it would be the public key of the site.
Since you are making the lookup anyway, adding the key record to the results is a no-brainer.
I use the following site for a list of DNS roots: https://www.iana.org/domains/root/servers
Typically you would not use the root server for your daily lookups, as it is busy answering all lower dns servers.
Note, Google's 184.108.40.206 server isn't in there.
Other DNS providers are available as well. Here is an example of one addressing your concerns:
220.127.116.11 — the Internet’s Fastest, Privacy-First DNS Resolver
ESNI is brand new, still proposed:
Electronic Frontier Foundation
ESNI: A Privacy-Protecting Upgrade to HTTPS
Today, the content-delivery network Cloudflare is announcing an experimental deployment of a new web privacy technology called ESNI. We’re excited to see this development, and we look forward to a future where ESNI makes the web more private for all its users.
People can also use more secure DNS server software.
What's tinydns? It is DNS resolver service software.
Apache is a web server; bind and tinydns are DNS servers.
Bind is the usual default, but it's very insecure and slow.
Tiny is written (long ago) by a brilliant but crazy man. It works insanely fast, is absolutely secure.
Many thanks Melt :)
bradley.singletary last edited by
Melt, I collect and track various dns providers for latency reduction purposes. A great tool to try is DNS Jumper...
You can add your own favorites to it. This can be night and day difference in both your security and your surfing experience.
Wow this is a great Windows tool!
Thank you for sharing it.
Today I will guide you on how to blind your ISP & keep your data safe!
Protect your privacy. Defend yourself against network surveillance and traffic analysis and stop your ISP from spying on you.
It's simple and can be done via Firefox. When you enable this, you don't need a VPN to browse blocked websites; it will unlock all domains worldwide.
Download Latest Firefox From https://www.mozilla.org/en-US/firefox/
Install and Open it.
In Firefox "Address bar"
Press Enter and click on "I accept the risk!" which will allow you to configure Firefox properly.
- Search for "esni.enabled"
Double Click on it or right click and click "Toggle" which will enable "esni.enabled".
- Search for "trr.mode"
Double click on it or right click and select Modify.
network.trr.mode to 2 to make DNS over HTTPS. It will secure your connection and unlock all blocked domain names.
Enter 2 and click OK!
- Test your connection and it should be fully secured.
Click on: Check My Browser
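A check for the procedure above, as an added example that is not part of the original post: it reads the contents of a Firefox profile's prefs.js and reports what the two settings leave exposed. The sample file is constructed; `network.security.esni.enabled` is the full name of the pref the "esni.enabled" search matches, and `network.trr.uri` (the pref holding the DoH endpoint) is not mentioned in the post.

```python
import re

# Matches lines such as: user_pref("network.trr.mode", 2);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.trr.mode values (TRR = Trusted Recursive Resolver).
TRR_MODES = {
    0: "off (default)",
    2: "DoH first, falls back to the system resolver",
    3: "DoH only, no fallback",
    5: "off by user choice",
}

# Constructed sample: a profile after following the steps in the post.
SAMPLE = '''// constructed sample prefs.js
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.security.esni.enabled", true);
user_pref("network.trr.mode", 2);
'''

def parse_prefs(text):
    """Parse prefs.js / user.js content into {pref name: Python value}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs

def audit(prefs):
    """Return findings about the DNS privacy prefs in a parsed profile."""
    mode = prefs.get("network.trr.mode", 0)
    out = ["trr.mode=%d: %s" % (mode, TRR_MODES.get(mode, "reserved/unknown"))]
    if mode == 2:
        out.append("cleartext fallback: failed DoH lookups go to the system resolver")
    if mode in (2, 3) and "network.trr.uri" not in prefs:
        out.append("network.trr.uri not customized: this Firefox version's default resolver is used")
    if not prefs.get("network.security.esni.enabled", False):
        out.append("ESNI off: the hostname is visible in the TLS ClientHello")
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse_prefs(SAMPLE))))
```

Mode 2 is what the post sets; a profile with mode 3 and an explicit `network.trr.uri` yields only the first line of output.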
bradley.singletary last edited by
Thanks for this!
Here is an easy to understand explanation of DOH: https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
Here is an explanation for Mozilla: https://daniel.haxx.se/blog/2018/06/03/inside-firefoxs-doh-engine/
Also, looks like running DOT on dd-wrt to cloudflare instead of DOH on the browser to cloudflare could be a great general option for SOHO networks. https://blog.cloudflare.com/dns-over-tls-for-openwrt/
Here are some other clients: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients
Copyright (c) 2012-2018 PiMP LLC. All rights Reserved.