I read a bit about using a different DNS for privacy and I think the best one should be Quad9? Or is there anything better, except self-hosting a DNS?

  • RustyWizard · 3 upvotes · 1 year ago

    The question was about privacy. Routing your DNS traffic through a VPN puts your unencrypted traffic out of an endpoint with all sorts of other connections. That’s a privacy gain.

    Further, using DNS-over-TLS or DNS-over-HTTPS encrypts your query end-to-end.

    Using both in concert prevents the DNS servers from knowing your IP and anyone along the route from knowing your query.

    • terribleplan@lemmy.nrd.li · 2 upvotes, 1 downvote · 1 year ago

      Sure, but we were talking about using Unbound, or some other recursive resolver, locally. Unbound doesn’t use DoH or DoT for its queries, and most/all authoritative servers don’t offer DoT/DoH.

      You would have to use some local stub resolver, route its traffic over a VPN, and then use public resolver(s) that provide DoH/DoT (those still use plaintext DNS to do their resolution; the benefit you get there is the shared cache and semi-anonymization due to aggregation). Whether that is good enough is up to you.
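The local-forwarder arrangement described above, as an added example that is not part of either comment: Unbound configured not as a full recursive resolver but as a forwarder that sends every query over DoT (port 853) to Quad9, so nothing on the LAN path or at the ISP sees plaintext queries. Assumptions: the system CA bundle lives at /etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu layout), Unbound is built with TLS support and is version 1.7.0 or newer (needed for the `#hostname` authentication-name syntax), and 9.9.9.9 / 149.112.112.112 are Quad9's public resolver addresses.

```conf
# /etc/unbound/unbound.conf (example forwarder config, not from the thread)
server:
    # Only answer clients on this host; widen to the LAN address if needed.
    interface: 127.0.0.1
    port: 53
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # CA bundle used to validate the upstream resolver's TLS certificate.
    # Without this, a forged 9.9.9.9 on the path could impersonate Quad9.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

    # Reduce what the resolver learns about you and what it reveals about itself.
    qname-minimisation: yes
    hide-identity: yes
    hide-version: yes

    # Keep a local cache so repeated lookups never leave the machine.
    cache-min-ttl: 60
    prefetch: yes

# Forward the whole namespace ("." = root) instead of recursing to
# authoritative servers, which would have to happen in plaintext.
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # address@port#authentication-name: Unbound checks that the presented
    # certificate is valid for dns.quad9.net, not just that TLS came up.
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
```

Check the config with `unbound-checkconf` before restarting, and confirm the upstream leg is encrypted by capturing on the outbound interface: with this in place you should see only TCP/853 to Quad9 and no UDP/53 leaving the host.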