I read a bit about using a different DNS for Privacy and I think the best one should be quad9? Or is there anything better except self hosting a DNS?

  • @[email protected]
    link
    fedilink
    English
    -231 year ago

    The one from your ISP. Your ISP can see your traffic anyway, so you gain nothing by using a third-party DNS server.

    • @[email protected]OP
      link
      fedilink
      English
      31 year ago

      As far as I read (I’m no expert!) they could check the SNI of the TLS handshake if they want. But using the DNS of the ISP is handing them the data right in a way they can analyze/use them very easily afaik?

      Still learning about this topic!

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        They route your traffic, hence they can see all IP addresses you communicate with. With a reverse lookup you can then usually find out the address too.

      • @bazsy
        link
        English
        11 year ago

        The header of a Http request always contains the domain unencrypted because it’s possible to host many different websites on the same IP. So this information is needed before the encrypted tunnel is built up.

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        In the end it comes down to what your goals is. DOH indeed hides DNS queries from sniffers and your ISP, but the traffic between you and your destination is still visible for the ISP (unless you use a VPN or TOR).

        If you only care about the content blocking aspect a third party resolver may make sense as @[email protected] explained below.

    • @seasick
      link
      English
      11 year ago

      My 50 cents: Nowadays most traffic is encrypted and your ISP can only see what server you are talking to, but not which domain. The domain although can be figured out with a reverse DNS lookup. So unless more then one domain is hosted on a given up, your ISP could also know the domain.