DNS: Who makes most sense?

[Moat 11]

Truth is, when configuring airvpn manually, you need DNS to resolve the IP of a server behind one of the Airvpn clusters (europe.vpn.airvn.org for example). Airdns does not have a DNS server accessible outside the tunnel as it strongly suggests/supports OpenNIC.

 

OpenNIC is the go-to for AirVPN. But, I have a grudge against OpenNIC. You select any OpenNIC DNS server in Europe for example, and the DNS ends up someplace else, the USA for example. Granted, DNS allegedly only sees the AirVPN IP as soon as the connection is up. But still ... Blinds me why sometimes an OpenNIC from a nice internet country ends up in an ugly internet country. It yanks me every time, and I did try a lot of OpenNIC servers, sooner or later they end up in land I don't want them to end up in.

 

Then there is OpenDNS, but I'm not too keen on a few aspects, call them personal preferences.

 

Then there is Google DNS, and the newly raved about cloudflare DNS. Yuk! Yes I know, they only "see" AirVPN IP's as long as the tunnel etc. are running. But since it is used to establish the tunnel, Google knows my IP searched for an AirVPN server and then nothing after that ... So Google knows I use AirVPN, and I hate that. Same with Cloudflare, or other internet evils offering reliable DNS as a source of business intel gathering.

 

Then there are a few of the other good VPN providers who have publicly accessible DNS servers. Kind of defeats using one VPN to use the DNS of another VPN. It somehow doesn't feel right to do that.

 

Which DNS service is of OpenNIC philosophy, is reliable to resolve AirVPN, and never ends up in an ugly internet country telling that ugly country I use AirVPN?

[Casper31 73]

Which DNS service is of OpenNIC philosophy, is reliable to resolve AirVPN, and never ends up in an ugly internet country telling that ugly country I use AirVPN?

 

In the spirit of OpenNic i suggest the dns of the Chaos Computer Club(ccc) or the one from censurfridns.dk.

Overhere the compleate list:https://wiki.ipfire.org/dns/public-servers

Have a look what they say about ccc and censorfri .

I have good experience with those two.

 

Gr,casper

[corrado 100]

No need to resolve AirVPN server names, just use the resolved host in your configuration file - AirVPN's generator even offers an option for that.

[Moat 11]

Actually, could we ask for an admin to comment on this small, some would say insignificant, pre AirVPN tunnel DNS issue?

 

 

 

In the spirit of OpenNic i suggest the dns of the Chaos Computer Club(ccc) or the one from censurfridns.dk.

Overhere the compleate list:https://wiki.ipfire.org/dns/public-servers

...

 

Very interesting pages, I'll look more deeply into those!

 

No need to resolve AirVPN server names, just use the resolved host in your configuration file - AirVPN's generator even offers an option for that.

 

Some do need resolving as the IP/server associated changes ± every 5 minutes, for example europe.vpn.airvn.org

Or do I get this wrong?

[zhang888 1066]

pre AirVPN tunnel DNS issue?

 

There is no real issue there.

Unless  you really don't trust your network, to the level you don't want them to know you tried to access xx.airvpn.org,

you can use OpenNIC/Cloudflare (1.1.1.1) DNS servers pre-VPN.

This does not provide any good layer of extra security or anonymity, since if your provider is hostile, it can still detect

OpenVPN traffic unless  you use SSL/SSH tunnels.

Pre-VPN DNS is really not an important factor here, since it depends on what your ISP is -known- to censor afterwards.

 

Still, as an outside VPN resolver for DNS I would recommend OpenNIC DNScrypt resolvers, but since not many devices

can support that out of the box, the  new alternative from Cloudflare is a good choice as well (1.1.1.1).

Probably still better than your ISP resolver, but still the same in terms of  logging unless you use DNS over TLS.

[go558a83nk 362]

 

pre AirVPN tunnel DNS issue?

 

There is no real issue there.

Unless  you really don't trust your network, to the level you don't want them to know you tried to access xx.airvpn.org,

you can use OpenNIC/Cloudflare (1.1.1.1) DNS servers pre-VPN.

This does not provide any good layer of extra security or anonymity, since if your provider is hostile, it can still detect

OpenVPN traffic unless  you use SSL/SSH tunnels.

Pre-VPN DNS is really not an important factor here, since it depends on what your ISP is -known- to censor afterwards.

 

Still, as an outside VPN resolver for DNS I would recommend OpenNIC DNScrypt resolvers, but since not many devices

can support that out of the box, the  new alternative from Cloudflare is a good choice as well (1.1.1.1).

Probably still better than your ISP resolver, but still the same in terms of  logging unless you use DNS over TLS.

 

whoa, zhang is still here!  I thought you'd left us.

[Moat 11]

pre AirVPN tunnel DNS issue?

 

There is no real issue there.

Unless  you really don't trust your network, to the level you don't want them to know you tried to access xx.airvpn.org,

you can use OpenNIC/Cloudflare (1.1.1.1) DNS servers pre-VPN.

This does not provide any good layer of extra security or anonymity, since if your provider is hostile, it can still detect

OpenVPN traffic unless  you use SSL/SSH tunnels.

Pre-VPN DNS is really not an important factor here, since it depends on what your ISP is -known- to censor afterwards.

 

Still, as an outside VPN resolver for DNS I would recommend OpenNIC DNScrypt resolvers, but since not many devices

can support that out of the box, the  new alternative from Cloudflare is a good choice as well (1.1.1.1).

Probably still better than your ISP resolver, but still the same in terms of  logging unless you use DNS over TLS.

 

 

I do trust the network players, like cloudflare, do everything they can to hamster data in order to monetize people. The fact people do not care makes their data freely available and less exclusive, valuable, as a result, comparatively speaking. Snitching any data from people who try to do what they can to not give their data for commerce is lucrative business, otherwise they wouldn't spend big budgets in hamstering those last few data. Cloudflare is no different, a multi million, billion business, they're no charity or privacy advocate with their DNS. What's the point in paying for a VPN if we're telling the data monetizing cat we're a data to be monetized mouse, come catch us?

 

I do agree on SSL/SSH tunnels, but I would prefer finding a way not needing those, OpenNIC seemed like a descent compromise, but ...

 

As to why opennic dns server IP's in Europe sooner or later exit in the US or UK (where I never am physically), I do not know, but that I do not like. If for example I pick an OpenNIC in Germany, I want the DNS exiting in Germany and not in the US or UK a few days later. Tried Germany, Italy, France, Spain, all ended up sooner or later in US or UK.