I read a bit about using a different DNS for privacy, and I think the best one should be Quad9? Or is there anything better, except self-hosting a DNS?

  • @[email protected]
    31 year ago

    The question was about privacy. Routing your DNS traffic through a VPN puts your unencrypted traffic out of an endpoint with all sorts of other connections. That’s a privacy gain.

    Further, using DNS-over-TLS or DNS-over-HTTPS encrypts your query end-to-end.

    Using both in concert prevents the DNS servers from knowing your IP and anyone along the route from knowing your query.

    • terribleplan
      11 year ago

      Sure, but we were talking about using Unbound, or some other recursive resolver, locally. Unbound doesn’t use DoH or DoT for its queries, and most/all authoritative servers don’t offer DoT/DoH.

      You would have to use some local stub resolver, route its traffic over a VPN, and then use public resolver(s) that provide DoH/DoT (and those still use plaintext DNS to do their resolution; the benefit you get there is the shared cache and semi-anonymization due to aggregation). Whether that is good enough is up to you.
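
The setup described in the last comment (a local forwarder, its upstream traffic sent through a VPN, a public DoT resolver behind it), written as an Unbound configuration in forwarding mode rather than recursive mode. This is an added example and not part of any post in the thread; the file path, the CA bundle path and the tunnel address `10.8.0.2` are assumptions to replace with your own values.

```conf
# /etc/unbound/unbound.conf (constructed example, not from the thread)

server:
    # Answer only local clients on this machine.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Source upstream queries from the VPN tunnel address, so the public
    # resolver sees the VPN endpoint instead of your own IP.
    # 10.8.0.2 is an assumed address; use the one your VPN assigns.
    outgoing-interface: 10.8.0.2

    # CA bundle used to validate the upstream's TLS certificate.
    # Debian/Ubuntu path, assumed; other distributions differ.
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

forward-zone:
    # Forward every name instead of recursing from the root servers.
    name: "."

    # Use DNS-over-TLS (port 853) for all forwarded queries.
    forward-tls-upstream: yes

    # The name after '#' is checked against the server certificate;
    # without it the TLS session is encrypted but not authenticated.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

Run `unbound-checkconf` on the file before restarting the service. In this mode the hop from your machine to the public resolver is encrypted and authenticated, while the resolver's own lookups to authoritative servers remain plaintext, as the comment above notes.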