My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I’m guessing there’s a better, more private, option?
NextDNS has the ability to change the logging region to one that's outside your government's jurisdiction.
A simple solution is Quad9 aka 9.9.9.9. NextDNS is fairly simple but allows customization.
I use Mullvad DNS when I’m mobile and unbound on my pi when I’m at home
Quad9 (9.9.9.9) is my go to.
This tool is great for figuring out which one is the fastest for you: https://www.grc.com/dns/benchmark.htm
I use a local unbound DNS server on my router with Quad9 as upstream. I actually have Google DNS entirely blocked/rerouted on my router because Google uses it for advertising tracking, but I get creeped out by targeted ads showing up in random places when I do do something on a totally unrelated site. Most important thing, though, is to use ~~DNSSEC~~ DNS over TLS or DNS over HTTPS to reduce middlemen from using your DNS info to track what sites you visit and sell that data. Of course ISPs still see the destination of all of your data for tracking what sites you visit unless you use a VPN or similar tools, so you can't hide it from them that way.
Edit: DNS over TLS, not DNSSEC, totally different thing…
I recently switched to NextDNS. I used to run my own AdGuard Home with multiple DNS providers as upstream.
Regular DNS can be monitored, intercepted, and modified however your ISP decides, even with you specifying custom DNS servers.
I run pihole on my LAN, with cloudflared as its upstream DNS. Cloudflared translates regular DNS into DOH using cloudflare and quad9 as the upstream DOH providers (configurable).
Finally I block all port 53 (dns) traffic at the router so it cannot leave my LAN. All LAN devices that want regular DNS are forced to use the LAN DNS server which wraps their requests in DOH for them. (as well as blocking ads, tracking/telemetry, and known malware sites)
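Two of the replies above describe the same two-part setup: a local resolver on the router that talks to Quad9 over an encrypted transport, and a firewall rule that stops LAN devices from using any other resolver on port 53. The script below is an added example, not code posted by anyone in this thread, that renders both halves: an Unbound forwarder config (DNS over TLS to Quad9, the resolver one reply runs) and an nftables ruleset that redirects every plain-DNS query from the LAN to that resolver and drops whatever still tries to leave. The interface name, LAN subnet, resolver address and file paths are assumptions; change them to match your network. If you run Pi-hole with cloudflared instead, only the resolver half differs.

```shell
#!/bin/sh
# Added example: render (and optionally apply) the resolver + firewall pieces of a
# "force all LAN DNS through my own resolver" setup. Everything below is an
# assumption about a typical home router; adjust before use.

LAN_IF="${LAN_IF:-br0}"                 # assumed LAN bridge interface on the router
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # assumed LAN subnet
RESOLVER="${RESOLVER:-192.168.1.1}"     # assumed address the local Unbound listens on
OUT_DIR="${OUT_DIR:-./dns-config}"      # rendered files are written here

# Unbound: answer the LAN, validate DNSSEC locally, and forward every query to
# Quad9 over TLS (port 853) with certificate-name checking against dns.quad9.net.
# Trust-anchor and CA-bundle paths are distro-dependent assumptions.
render_unbound_conf() {
cat <<EOF
server:
    interface: ${RESOLVER}
    access-control: ${LAN_NET} allow
    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
    auto-trust-anchor-file: /var/lib/unbound/root.key
    qname-minimisation: yes
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
EOF
}

# nftables: plain DNS (UDP/TCP 53) from LAN clients aimed at anything other than
# the local resolver is redirected to it; anything that still tries to leave on
# 53 (plain DNS) or 853 (DoT to a third party) is logged and dropped.
render_nft_rules() {
cat <<EOF
table inet dns_guard {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "${LAN_IF}" ip saddr ${LAN_NET} ip daddr != ${RESOLVER} udp dport 53 dnat ip to ${RESOLVER}
        iifname "${LAN_IF}" ip saddr ${LAN_NET} ip daddr != ${RESOLVER} tcp dport 53 dnat ip to ${RESOLVER}
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        iifname "${LAN_IF}" ip saddr != ${RESOLVER} udp dport { 53, 853 } log prefix "dns-bypass " drop
        iifname "${LAN_IF}" ip saddr != ${RESOLVER} tcp dport { 53, 853 } log prefix "dns-bypass " drop
    }
}
EOF
}

# Write both files and print the directory they landed in.
render_all() {
    mkdir -p "${OUT_DIR}"
    render_unbound_conf > "${OUT_DIR}/unbound-forward.conf"
    render_nft_rules > "${OUT_DIR}/dns_guard.nft"
    echo "${OUT_DIR}"
}

# Load the rendered ruleset into the running kernel and confirm it is present.
# Only runs when the script is invoked with "apply", so plain rendering is safe anywhere.
apply_rules() {
    command -v nft >/dev/null 2>&1 || { echo "nft not installed" >&2; return 1; }
    render_all >/dev/null
    nft -f "${OUT_DIR}/dns_guard.nft" && nft list table inet dns_guard >/dev/null
}

# From a LAN client: a query sent to an outside resolver should still be answered,
# because the router silently redirected it to the local resolver.
check_redirect() {
    command -v dig >/dev/null 2>&1 || { echo "dig not installed" >&2; return 1; }
    dig +short +time=2 @8.8.8.8 example.com >/dev/null \
        && echo "query to 8.8.8.8 was answered; check the resolver's log to confirm it arrived there"
}

case "${1:-render}" in
    render) render_all ;;
    apply)  apply_rules ;;
    check)  check_redirect ;;
esac
```

Run it with no argument to just write the two files, `apply` on the router to load the nftables table, and `check` from a LAN host afterwards. To recurse from the root servers instead of forwarding, as a later reply suggests, delete the `forward-zone` section and Unbound resolves on its own, still validating DNSSEC. One caveat the thread touches on: this catches plain DNS and third-party DoT, but DoH rides on port 443 and looks like any other HTTPS connection, so a device or browser with its own DoH setting can still bypass the local resolver; the `dns-bypass` log prefix only shows you the clients that try ports 53 and 853.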
What ISP do you use that makes you trust Cloudflare more than your ISP? You must really be between a rock and a hard place.
I’m not all that concerned about either tbh; I was just already capturing DNS traffic and funneling it through pihole for the customizable blocking, and figured I may as well add DOH while I’m at it.
Just sharing the knowledge for those that are interested. You can use any DOH provider you like.
You can run Unbound with PiHole, that way its upstream is root servers instead of a single site.
But at that point pihole is just a fancy web interface with some nice looking but for most purposes useless graphs. I just let Unbound filter stuff with the same filter lists pihole would use.
If you need a traditional, unencrypted DNS service, check out Quad9 and AdGuard’s Public DNS. If you can use DoT or DoH, use LibreDNS or Mullvad DNS. If you want more customization, check out NextDNS.
Even DNSCrypt, but I think nobody really uses that.
I use 1.1.1.1 as my DNS because I don't forget it. Should I not be?
The question to ask yourself is why is Cloudflare offering that service for free? Probably because they get something out of it, like analysing the data.