I read a bit about using a different DNS for Privacy and I think the best one should be quad9? Or is there anything better except self hosting a DNS?
I read a bit about using a different DNS for Privacy and I think the best one should be quad9? Or is there anything better except self hosting a DNS?
The question was about privacy. Routing your DNS traffic through a VPN puts your unencrypted traffic out of an endpoint with all sorts of other connections. That’s a privacy gain.
Further, using DNS-over-TLS or DNS-over-Https encrypts your query end-to-end.
Using both in concert prevents the DNS servers from knowing your IP and anyone along the route from knowing your query.
Sure, but we were talking about using Unbound, or some other recursive resolver, locally. Unbound doesn’t use DoH or DoT for its queries, and most/all authoritative servers don’t offer DoT/DoH.
You would have to use some local stub resolver, route its traffic over a VPN, and then use public resolver(s) that provide DoH/DoT (and those still use plaintext DNS to do their resolution, the benefit you get there is the shared cache and semi-anonymization due to aggregation). Whether that is good enough is up to you.
Why do you think that? This config value should set DoT: https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in#L903
Because most authoritative servers don’t offer DoT. Pretty sure “upstream” just refers to when your unbound is querying another recursive resolver…