Ask HN: Which DNS service do you use for your computer's network settings?
And, do you recommend it?
I saw a comment recommending Mullvad's. I currently use the default DNS (my ISP's default).
I saw a comment recommending Mullvad's. I currently use the default DNS (my ISP's default).
116 comments
[ 7.1 ms ] story [ 192 ms ] threadI use Quad9 (9.9.9.9) and Freenom (80.80.80.80)
Never had any problems with either - I have both selected in case one has issues so that I don't need to immediately deal with "Daaaad the internet's not working!"
Their DNS privacy policy seems acceptable to me, as they’re not using it for ad data: https://developers.google.com/speed/public-dns/privacy
Google obviously has many concerns, but they’re trustworthy enough to follow their own privacy policy lest they get smited by governments.
Example: They can see that I have visited Wikipedia, but not what articles I’ve read. (Other sites will leak more info due to the nature of their subdomains, but it doesn’t bother me personally.)
lots of hits on hackernews and jsoneditoronline.org and I can say with a reasonable degree of certainty that you're in IT or Dev. gonna start sending you ads that reflect that.
likewise, hits to missile-gayboy.jp -- a site that used to be hosted by my old employers -- also sends some pretty clear messages. I don't need to know what you're looking at specifically there but it's a japanese site that caters to a specific niche; I can sure make some assumptions.
hell, at work we don't even collect a lot of specifics on our endpoints -- domain queries are often enough to catch bad behavior
Yes, I would recommend it. Running Unbound means you don't have to trust anyone's upstream DNS servers. Disadvantage is maybe slightly slower resolution, as you don't get to take advantage of the upstream server's caching.
https://wiki.alpinelinux.org/wiki/Using_Unbound_as_an_Ad-blo...
I would generally recommend using anything other than your ISP's DNS servers.
AdGuard has a pretty good list of available providers: https://adguard-dns.io/kb/general/dns-providers/
[1] https://dnsdist.org/ [2] https://0xerr0r.github.io/blocky/
Really, installing Unbound is piece of cake both on Windows and Linux.
Probably asking too much, but I want to ‘apt install unbound-quickstart’ and know sane defaults are configured. If anything goes wrong, I can delete a single config file or uninstall the package to go back to system defaults.
I'm literally just did this:
After reboot (again I'm lazy) I got: I think you... just misunderstood something years ago. You don't need 'quickstart' for thisOn Windows it's the same - download package, install it, configure 127.0.0.1 as primary DNS
This is the same reason I don't use a VPN by default at home.
@jedisct1, it would be great if there was an option to default to a ODoH/anonymized DNS setup mostly out the box.
- Google 8.8.8.8
- Cloudflare 1.1.1.1
4.2.2.2
4.2.2.3
Or that you haven't ever actually listened to him
But hey, you want to cheerlead for him with his track record, go right ahead.
Ok - I've listened to him off and on for about a decade
If you want to be upset over him ... go ahead
And that's fine, many don't. Which is why it's important those of us that do continue to speak up.
Take care.
Let it go
I don't really have it out for this guy, I'm just pointing out that he is a charlatan.
You seem to be really offended by that and are cheerleading for him even harder. Bizarre. I'm sorry the truth hurts you so.
Hahahaha
Well, "buddy", you seem to have it out for someone with zero evidence you can provide for why you are upset beyond, "if you know, you know"
That is not a reason, it is a claim to secret knowledge
Which...since you will not share, we have to assume does not exist
You're really one of those 'need to have the last word' types, huh.
Well, it's all yours. I have no more time to debate you than a Taylor Swift fan pissed off at me because I said one of her songs wasn't great.
That's fine - if you want to hold a grudge irrationally... you do you
Honestly, I find it hilarious you are defending this guy. He must have a real comforting voice or something.
Enlighten us, then, oh wise one!
What "knowledge" do you think I do not have that you somehow secretly do?
Cool
You are a mind reader!
SO glad you came out to tell me I do not know what I have been doing for years on end!
/s
There are lots of people in IT. It's a low barrier to entry. Plenty of people are like you and think they know what they are talking about while even managing to get paid for it.
Congratulations!
Apparently you never read my comment history ... or went through and downvoted me out spite
Keep your secret knowledge to yourself if you want - since you seem so averse to sharing why you think something
Such as ...?
But keep thinking you have
And also he sells ONE product that in 2023 has admittedly dubious value (SpinRite), and I will also admit that the website oversells it quite a bit. But all of the complaints I've seen about it basically boil down to those people not really understanding what it's for or what it does. It's not for "undeleting" data, it's not for fixing your broken filesystem, it can't recover data off a disk with a bullet-hole in it. It only works on spinning rust with _some_ bad physical sectors, if the damage is not severe enough that the data can't be recovered with many, many, repeat readings.
I listened to his podcast Security Now for the better part of a decade while commuting and found that he really enjoys getting to the root of whatever he's talking about and _usually_ (not always) does a pretty good job of explaining complex technical subjects verbally. He has always come across as quite humble to me, and _every_ episode began with a list of corrections from the previous episode. When he does make mistakes, at least he admits them.
Maybe you are not old enough to remember or be aware of how ridiculous he used to be. He's been pretty quiet the last decade, likely due to getting batted down every time he would pop up with some nonsense.
No personal grudge, just the advantage of experience. I'm hardly alone in holding this view. If you did some research, and listened to some actual security podcasts, you might learn a little bit more regarding all this.
Such as... what? Who do you think knows more than he does and/or what has he said that is incorrect?
But hey, you do you.
From outside, it looks like you have a grudge against them, but brought no actual reason. Thanks for your input I guess.
Before you shut me down as well, I learned of Gibson Research in this very thread. I'm no paid actor.
I also suggested people can google if they want to learn more.
Next time you're a random passerby to an argument you see me involved in, please just keep passing by.
Can't elaborate on anything except some kind of claimed secret knowledge that the rest of us plebes must obviously not have
Sad, really
Stop.
He's not a "favorite podcaster"
But nice try at casting aspersions instead of answering the question
Keep your irrational opinions then
It's not hard. It uses minimal resources. It can be enhanced with ad-block lists similar to pi-hole so your whole network benefits.