Best DNS for privacy?

fatcat@discuss.tchncs.de · 1 year ago

Best DNS for privacy?

ddh@lemmy.sdf.org · 1 year ago

Yes, but what does it use?

RustyWizard@programming.dev · 1 year ago

Authoritative name servers.

Good enough write-up about it here: https://docs.pi-hole.net/guides/dns/unbound/

terribleplan@lemmy.nrd.li · 1 year ago

The only problem there is that if you are going for privacy all of the traffic between your unbound and the authoritative servers is unencrypted. It us certainly a trade-off involving trusting a 3rd party, but with a busier public DNS server there can be a level of plausible deniability due to the aggregation and shared caching involved.

RustyWizard@programming.dev · edit-2 1 year ago

Kinda. You can always route your traffic over a VPN. Further, from the unbound page:

To help increase online privacy, Unbound supports DNS-over-TLS and DNS-over-HTTPS which allows clients to encrypt their communication. In addition, it supports various modern standards that limit the amount of data exchanged with authoritative servers. These standards do not only improve privacy but also help making the DNS more robust. The most important are Query Name Minimisation, the Aggressive Use of DNSSEC-Validated Cache and support for authority zones, which can be used to load a copy of the root zone.

Edit: to be clear, I run unbound but I don’t recall how much I hardened it. The config file is fairly large and I was mostly focusing on speed and efficiency since it’s running on an already busy raspberry pi.