Run your own unbound or bind resolvers!

  • @[email protected]
    link
    fedilink
    English
    716 months ago

    A French court has ordered Google, Cloudflare, and Cisco to poison their DNS resolvers…

    • Venia Silente
      link
      fedilink
      English
      556 months ago

      Never question the bravery of the French. They discovered snails are edible.

      As for their intelligence on the other hand…

    • @[email protected]
      link
      fedilink
      English
      246 months ago

      Since OpenNIC resolvers are user-run, doesn’t that mean a bad actor could theoretically pop up at any time and log any request that goes through them?

        • @[email protected]
          link
          fedilink
          English
          56 months ago

          I don’t know about unbound so I can’t really compare… OpenNic is not run by for-profit corporations, which I think is a good thing.

  • exu
    link
    fedilink
    English
    196 months ago

    Apparently Cisco operates a popular DNS resolver? Never heard of that before.

    And definitely don’t learn how to use a VPN. Or set up Unbound or Bind or PowerDNS Recursive…

      • k_rol
        link
        fedilink
        English
        76 months ago

        Ah crap, good to know. This sucks though, I was thinking of using it to replace CF. What’s left? Quad9 and the unbound type?

        • Venia Silente
          link
          fedilink
          English
          86 months ago

          ATM I’m using Quad9 and OpenNIC but I’m not sure how much of everything do they cover. I’m also not well aware of any other good “flat DNS” alternative (aka: one you can put right into your /etc/resolv.conf / Windows LAN config, without need of extra internal service).

    • Lee Duna
      link
      fedilink
      English
      106 months ago

      Cisco operates from the ISP side, they’ll poison DNS through their routers. And you should be aware that your ISP will employ Deep Packet Inspection which can also be done with Cisco routers. That means they can intercept internet traffic, especially if your internet connection is not encrypted.

      • exu
        link
        fedilink
        English
        76 months ago

        ISPs were already required to block the sites. I don’t think an additional block on the Cisco side would change anything in that case.

  • Domi
    link
    fedilink
    English
    86 months ago

    Is it possible to get unbound to talk to the root servers via TLS/HTTPS by now?

    I’m currently using Quad9 because they support DNS over TLS and DNS over HTTPS.

      • Domi
        link
        fedilink
        English
        36 months ago

        That is what I’m doing currently but now unbound doesn’t talk to the root servers anymore, it sends all queries to Quad9.

        Both scenarios are not ideal because you always end up with one entity knowing all your queries.

        • @[email protected]
          link
          fedilink
          English
          16 months ago

          Perhaps you could configure more than unbound service behind a loadbalancer. Each unbound instance is configured to use different upstream dns servers.

          Double check if unbound doesn’t allow you to randomly hop between dns upstreams first, but the above solution should work if that’s unavailable atm.

    • @out
      link
      English
      16 months ago

      Not sure you would even need encryption. Surely It can’t be illegal to ask the root servers (and all the other DNS servers involved, because the root servers only have IPs for TLD DNS servers) for IPs

      • Domi
        link
        fedilink
        English
        36 months ago

        Not illegal but it leaves all your DNS lookups in plain text with your ISP, which just doesn’t sit right with me.

        Not that the ISP in my country would care.

  • @[email protected]
    link
    fedilink
    English
    16 months ago

    I’m glad it’s only the football streaming sites, but I don’t much like that companies get this kind of legal power.