DNS servers. :: Fibre Broadband

General Discussion
>> Fibre Broadband

Pages in this thread: 1 | 2 | [3] | (show all)

Print Thread

jchamier
(eat-sleep-adslguide) Sun 31-Dec-23 11:08:49

Re: DNS servers.

[re: TinyMongomery] [link to this post]

In reply to a post by TinyMongomery:
HTTPS doesn’t encrypt the destination IP address. Routers still need to know where to route packets to.

Great, its an AWS or Azure IP or a load balancer. Really tells them nothing.

_{24 years of broadband connectivity since 1999 trial - Live BQM}

TinyMongomery
(eat-sleep-adslguide) Sun 31-Dec-23 12:59:47

Re: DNS servers.

[re: jchamier] [link to this post]

Depends who “them”is. If it’s Microsoft …

My point is that there is a lot more to worry about, security- and privacy-wise, on the Internet than whether someone can see your DNS queries. Far more important is how reliable the answers to those queries are.

Run a local DNS server and there won’t be so many requests to external servers in the first place.

--------------------------------------------------------------
Be the person your dog thinks you are.

Andrue
(eat-sleep-adslguide) Sun 31-Dec-23 13:05:25

Re: DNS servers.

[re: TinyMongomery] [link to this post]

In reply to a post by TinyMongomery:
Depends who “them”is. If it’s Microsoft …

My point is that there is a lot more to worry about, security- and privacy-wise, on the Internet than whether someone can see your DNS queries. Far more important is how reliable the answers to those queries are.

Run a local DNS server and there won’t be so many requests to external servers in the first place.

Or you can just accept that like 99% of people you're of no interest to anyone and no-one in authority cares what you do wink

---
Andrue Cope
Brackley, UK

behuk
(learned) Sun 31-Dec-23 13:18:13

Re: DNS servers.

[re: smouty] [link to this post]

In reply to a post by smouty:
In reply to a post by jchamier:
Exactly, with some services if you use your ISP hosted DNS you get faster performance.

Which is fine if you do not mind them harvesting your browsing habits and selling the data on.

Unbound is best for privacy but not so easy to setup for people with a consumer type router.

How does Unbound prevent your ISP from harvesting DNS queries -- you'll be making unencrypted queries to the authoritative nameservers, which your ISP could snoop on if they wanted. If you don't trust your ISP, wouldn't one of the forms of encrypted DNS be better?

TinyMongomery
(eat-sleep-adslguide) Sun 31-Dec-23 14:43:14

Re: DNS servers.

[re: Andrue] [link to this post]

Exactly.

--------------------------------------------------------------
Be the person your dog thinks you are.

jchamier
(eat-sleep-adslguide) Sun 31-Dec-23 15:45:06

Re: DNS servers.

[re: behuk] [link to this post]

In reply to a post by behuk:
How does Unbound prevent your ISP from harvesting DNS queries -- you'll be making unencrypted queries to the authoritative nameservers, which your ISP could snoop on if they wanted. If you don't trust your ISP, wouldn't one of the forms of encrypted DNS be better?

Or a router that does encrypted from your home to internet, and lets really basic appliances (e.g. your DVD player) query the router over unencrypted DNS.

_{24 years of broadband connectivity since 1999 trial - Live BQM}

smouty
(committed) Sun 31-Dec-23 22:02:47

Re: DNS servers.

[re: behuk] [link to this post]

In reply to a post by behuk:
How does Unbound prevent your ISP from harvesting DNS queries -- you'll be making unencrypted queries to the authoritative nameservers, which your ISP could snoop on if they wanted. If you don't trust your ISP, wouldn't one of the forms of encrypted DNS be better?

Unbound can be encrypted if the root server supports it.
DNS should be be more secure if only for integrity rather than the privacy it offers as as well.

OPNSense on Topton N100 - SWISH Fibre 900
PiHole/AdGuard home - Unifi for Wifi
My Broadband Ping

Pages in this thread: 1 | 2 | [3] | (show all)

Print Thread

Jump to