this post was submitted on 04 Feb 2025
53 points (98.2% liked)

My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I'm guessing there's a better, more private, option?

[–] Darkassassin07@lemmy.ca 17 points 1 day ago (3 children)

Regular DNS can be monitored, intercepted, and modified however your ISP decides, even with you specifying custom DNS servers.

I run pihole on my LAN, with cloudflared as its upstream DNS. Cloudflared translates regular DNS into DOH using cloudflare and quad9 as the upstream DOH providers (configurable).

Pihole DOH with cloudflared

Finally I block all port 53 (dns) traffic at the router so it cannot leave my LAN. All LAN devices that want regular DNS are forced to use the LAN DNS server which wraps their requests in DOH for them. (as well as blocking ads, tracking/telemetry, and known malware sites)
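What "wraps their requests in DOH" means on the wire, as an added example that is not part of the original comment and is not cloudflared's code: the DNS message a client would send in cleartext on port 53 is base64url-encoded into an HTTPS request as described in RFC 8484. The endpoint URL and all function names are assumptions for illustration, and nothing here touches the network.

```python
import base64
import struct

# Assumption: a public DoH endpoint for one of the providers named in the comment.
DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Plain DNS query message, as a LAN client would send it on port 53."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1-63 bytes")
    # ID 0 (RFC 8484 suggests it for cacheability), RD flag set, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def doh_get_url(message: bytes, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: the same bytes, base64url without padding."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def unwrap(url: str) -> bytes:
    """What the DoH server does first: recover the original DNS message."""
    encoded = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))


def parse_question(message: bytes) -> tuple[str, int]:
    """Read (name, qtype) from the question section after the 12-byte header."""
    pos, labels = 12, []
    while message[pos]:
        length = message[pos]
        labels.append(message[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack("!H", message[pos + 1 : pos + 3])
    return ".".join(labels), qtype


if __name__ == "__main__":
    query = build_query("www.example.com")  # constructed sample name
    print("cleartext on port 53:", query)   # the name is readable in transit
    print("inside HTTPS (DoH):  ", doh_get_url(query))
```

The base64url step is only an encoding; the confidentiality comes from the TLS connection that carries the request.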

[–] Lemmchen@feddit.org 1 points 11 hours ago (1 children)

Why would you need cloudflared? Can't you just set DoH/DoT servers as a backend in Pi-Hole?

[–] Darkassassin07@lemmy.ca 1 points 11 hours ago* (last edited 10 hours ago)

Pihole doesn't directly support DOH. What I linked is their official guide for implementing it: using cloudflared.

There are other ways you can do this. This is just what I've been using.

[–] drspod@lemmy.ml 6 points 22 hours ago (1 children)

What ISP do you use that makes you trust Cloudflare more than your ISP? You must really be between a rock and a hard place.

[–] Darkassassin07@lemmy.ca 2 points 10 hours ago

I'm not all that concerned about either tbh; I was just already capturing DNS traffic and funneling it through pihole for the customizable blocking, and figured I may as well add DOH while I'm at it.

Just sharing the knowledge for those that are interested. You can use any DOH provider you like.

[–] MangoPenguin@lemmy.blahaj.zone 3 points 23 hours ago

AdGuard Home supports TLS, HTTPS, QUIC and other stuff natively, in case anyone reading wants to set up a pihole equivalent with less work for encrypted DNS.

https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#upstreams