• 0 Posts
  • 88 Comments
Joined 1 year ago
Cake day: July 6th, 2023

  • Looks like my answer wasn’t saved, great…

    Anyway, sorry for not reading all of that, but I’ll make it short and stop discussing because I feel like this is leading nowhere.

    Unless you’re using hyperlocal, cover all TLDs and wanna browse the internet, there’s technically no way around it but to use an online DNS server. So, coming back to the privacy aspect of this topic, the question is: Which one do you trust?


  • tl;dr: Cut out Cloudflare’s recursive resolver (or anyone else’s) and run your own via PiHole and Unbound.

    Tell me you didn’t read the article without telling me you didn’t read the article. Let me point out the relevant part for you:
    “A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data, or send a request to a root nameserver, […]”

    See that last part with “or send a request to a root nameserver”? That is the DNS server on the internet your Unbound DNS server will ask if it doesn’t have the answer cached for you already.

    Umm, Unbound is on your machine. So you’re saying you are your own middle man lol…

    Exactly! Since the Unbound DNS server is your server, you created your middle man server yourself. “Middle man” has a very negative taste, but in this case it really isn’t bad at all.

    It asks the authoritative nameservers, which is who external DNS servers ask. By using Unbound, you are cutting out those external DNS servers, because you/Unbound is the DNS server. You are asking the authoritative name server directly instead of inserting someone else to ask on your behalf.

    Okay, so you get it but you don’t get it fully. Again: Your Unbound DNS server can’t magically know which IPs are behind a domain name. So what does it do? It asks a DNS server on the internet because they know the answer. When your Unbound DNS server gets the answer, it then tells your computer.

    Unbound (your machine) is asking the DNS nameserver.

    YES! And where do you think the DNS server is that Unbound asks if it doesn’t know the answer because it’s not cached yet? It’s some server on the internet.

    You’re saying you are your own middleman lol.

    I said you create your own middle man. Unbound is your middle man in this case because you make it look up the IPs behind the domains, and it then tells your computer these IPs.

    Instead of:
    \ –> asks –> \ –> answers –> \
    You do:
    \ –> asks –> \ –> asks –> \ –> answers –> \ –> answers –> \
    Let me say it again: Your Unbound DNS server being the middle man isn’t a bad thing, so please don’t think “middle man” is always a negative term.

    I’m saying cut out Cloudflare’s recursive resolver and run your own via PiHole and Unbound.

    I just linked Cloudflare’s article about it because they explain it well. Doesn’t mean one must use Cloudflare’s DNS servers.

    Did you read the article I linked?

    Yes, I did. But I knew what a recursive resolver is before I checked the link because I’m a professional IT administrator and I know how DNS works. It’s part of my job.
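    The resolution chain argued about above (client → your own recursive resolver → root → TLD → authoritative nameserver, with a cache in front), as an added simulation that is not part of the thread; the nameserver names, zone data and the 203.0.113.10 address are constructed, and the walk over them stands in for the referrals a real resolver such as Unbound follows.

```python
import time

# Constructed nameserver data, not real DNS. Each simulated server maps a zone
# it knows about to either a final answer ("A", ip) or a referral ("NS", server)
# to the nameserver responsible for the more specific zone.
ROOT_SERVER = "a.root-servers.example"
NAMESERVERS = {
    "a.root-servers.example": {"com.": ("NS", "ns.tld-com.example")},
    "ns.tld-com.example": {"example.com.": ("NS", "ns1.example.com.")},
    "ns1.example.com.": {"www.example.com.": ("A", "203.0.113.10")},
}


def _longest_match(table, name):
    """Pick the most specific zone in a server's table that `name` falls under."""
    candidates = [z for z in table if name == z or name.endswith("." + z)]
    return max(candidates, key=len) if candidates else None


class IterativeResolver:
    """Your own 'middle man': answers from cache or walks the hierarchy itself."""

    def __init__(self, ttl=300):
        self.cache = {}   # name -> (ip, expires_at); no external resolver involved
        self.ttl = ttl

    def resolve(self, name, now=None):
        """Return (ip, servers_asked). An empty trail means a cache hit."""
        now = time.time() if now is None else now
        if name in self.cache and self.cache[name][1] > now:
            return self.cache[name][0], []
        trail, server = [], ROOT_SERVER
        for _ in range(10):               # bound referral depth against loops
            trail.append(server)
            table = NAMESERVERS[server]
            zone = _longest_match(table, name)
            if zone is None:
                raise LookupError(f"{server} has no data covering {name}")
            kind, value = table[zone]
            if kind == "A" and zone == name:
                self.cache[name] = (value, now + self.ttl)
                return value, trail
            if kind == "NS":
                server = value            # follow the referral downwards
                continue
            raise LookupError(f"unexpected record {kind} at {server}")
        raise LookupError("too many referrals")
```

    The first lookup records every server that had to be asked; a repeat within the TTL is answered locally, which is the cache-versus-root distinction the quoted Cloudflare paragraph describes.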



  • As long as it works fine for you I’m glad. :)
    If you’re interested here are my three bad experiences with AGH:

    • The “use AdGuard browsing security web service” option made all DNS queries so slow after a week to the point where nothing was resolved anymore. (That was 2 years ago, maybe fixed now)
    • They removed some library with an update which caused a panic when booting AGH so it wouldn’t start anymore. That library was needed to use the DoH encryption of one of my upstream DNS servers. I had to remove that one from my config.
    • The next update didn’t fix this issue but added another one: A few hours into running this version (I don’t remember the version number), the AGH service suddenly crashed. I started it again, but 5 minutes later it would crash again. That was the point where I stopped using AGH because it didn’t feel reliable anymore and updates only made it worse.


  • and I was talking about Pi-Hole

    Well, you said “you” so I thought you were talking about me since you replied to my comment.

    Firefox and Telegram, for example, have built-in DNS if I’m not wrong. (You can disable it easily.)

    Right. I don’t know about Telegram, but in Firefox’s case I think it’s disabled by default. I specifically checked that on my Firefox so it won’t bypass my OPNsense.

    We are sharing our use cases. And my context was “I don’t understand why people even talk about Pi-Hole”

    You don’t see it, do you? First you talk about your use case, but then you talk about other people. So it’s not your use case anymore. In their use case a Pi-hole, AdGuard Home, NextDNS or whatever else may make sense and isn’t a bad choice.

    EDIT: Also, I think using your phone for other things is wrong; they aren’t really designed for that, they aren’t as secure as a PC can be.

    Erm… what?? Smartphones are designed for many different things. Browsing the internet is just one of many things they’re made for. It’s called “smartphone” for a reason.



  • … any app can easily bypass your DHCP-provided DNS…

    In my network it can only do that if the app has a hardcoded encrypted DNS server because I use NAT rules to force all unencrypted DNS to be processed by my OPNsense (which uses NextDNS as upstream DNS servers). And I highly doubt many apps even have a hardcoded DNS server anyway (no matter if unencrypted or encrypted).

    and as I said, I don’t install any weird app on my phone, I just use it as a phone, to communicate, chat and to download podcasts to listen to at night.

    That’s your personal use case, but not everyone else’s. I do much more with my phone. For example browsing. And I think most people do too. Anyway, as long as you use mobile internet, even the OS on your phone could spy on you with tracker domains. Most people don’t use a custom ROM, so you’re just one of few people who this doesn’t apply to.

    While you just win at your local home network… xD

    Wrong. I use NextDNS so I have it everywhere. ;)


  • Vexz@kbin.social to Privacy@lemmy.ml · Pi-Hole vs AdGuard vs NextDNS · 11 months ago

    I use Pi-Hole and it works great. I’ve heard about AdGuard and it seems to be the same thing as PiHole

    Only if you’re talking about AdGuard Home, then yes. When you talk about AdGuard you usually just mean the adblocker app which is something completely different.

    I used all three of them. While AdGuard Home has some nice features that Pi-hole doesn’t, in my experience it has many more problems and has been unstable on some updates. So since you prefer stability for your DNS server, I’d recommend Pi-hole over AdGuard Home.
    NextDNS doesn’t need to be self-hosted because it’s a service on the internet. The disadvantage is that you are offered a list of blocklists from which you can choose, but unlike Pi-hole or AdGuard Home you cannot add more lists. But they offer many lists, so that’s not a big problem. If you need more than 300k queries a month you need to pay for their service. But since NextDNS is a service on the internet, it means that you can use it on all of your devices no matter where you are.