
I was reading the thread “DNS Confusion” within this DNS Leak sub-category. Funny timing bc I just noticed I was seeing RU and Moldova DNS servers on a recent ipleak.net test. I use OpenDNS within my router, then 2 alternate OpenDNS within my Windows adapter (also plugging-in 3 AirVPN DNS Servers w/in adapter).

 

I'd be very grateful for any feedback from folks who can offer up some better ideas than using OpenDNS. I won’t use Google. I'm not too keen on 1.1.1.1 or 1.0.0.1. There was something about OpenNIC DNS servers I didn’t like, but can’t recall exactly why. I think OpenNIC’s DNS servers speed was slower, and I'd get random, weird, seemingly inexplicable IPs on my Resource Monitor - before removing the OpenNIC servers.

 

So for US and Canada, can anyone offer up some alternatives to OpenDNS? Ideally, super-fast, no logging DNS servers? I want to get rid of OpenDNS

 

*and, of course if anyone wants to note DNS Server suggestions for other parts of the world, please feel free to post. Maybe this can evolve into a thread where Air Members can come and see some previously unknown but reliable new DNS servers to try out. I liked OpenNIC until I'd get strange network activity that kinda spooked me, so I 86’d them from my router and adapter.

 

Thanks in Advance for any feedback! Be Well. DfP

 

Just a link,

https://twitgoo.com/best-free-dns-servers/


My suggestion, if you do not use AirVPN, go with DNS from Mullvad. https://mullvad.net/en/guides/dns-leaks/

Mullvad is a respectful VPN provider.

If you use AirVPN, then look no further. Their DNS is top, in respect to privacy and free of blockades, trackings.

For me OpenNIC (https://www.opennic.org/) is also an option. But don't use 8.8.8.8 etc.

Gr,

        Casper


I'm a big fan of AirVPN.  But I did check out Mullvad per your suggestion.  Their VPN looks pretty decent as well.  But yeah, AirVPN is the sh*t (imho).  I appreciate your feedback though, thank you Casper!

 

You can run BIND (https://www.isc.org/downloads/bind/) on Windows as your own DNS resolver.

 

Have BIND listen on 127.0.0.1 with something like this:

 

options {
  ...
  listen-on { 127.0.0.1; };
};

Then use 127.0.0.1 as your DNS server.

 

I may give this BIND a try, thanks!  I was hoping for something a little simpler (but I will look at BIND, for sure).  The only DNS servers I'd like to swap find would be a couple to throw into my router (I'd like to remove main OpenDNS 208.67.222.222, and 220.220).

 

Since I'll have guests coming by using WiFi, I don't config my router to connect through AirVPN.  Instead I use Eddie on my machines or OpenVPN (for my mobiles/tablets).  Since I connect PC/Laptops using Eddie via Windows App I was simply hoping to find a couple reputable DNS Servers for my router.

 

By the way, are Air's DNS Servers noted anywhere on the website?   I can't find them.  Going from memory, is this the extent of them:

10.30.0.1

10.4.0.1

10.50.0.1

10.6.0.1

10.7.0.1

10.9.0.1

 

I'll give BIND a look to see if it works well for my configuration.  Thanks again! 

 

But if anyone cares to suggest a couple US/Canada DNS Servers simply to plug into a router (fast AF, no logs ideal), I'd be grateful.  Then I'll use strictly AirVPN DNS w/in Windows Adapter.  Thanks for your time Casper and NaDre.  Greatly appreciated!

DfP 


...

 

I'll give BIND a look to see if it works well for my configuration.

...

 

If you were using DNSCrypt to access OpenDNS, then you had encryption of your DNS packets. So your ISP could not see their contents.

 

BIND just does the raw DNS protocol. Directly accessing the domain root servers. No encryption by BIND. But when you are using the VPN, the packets to and from BIND will go over the VPN.

 

While your ISP may log your DNS requests in their DNS server, or block some queries there, I doubt that they are inspecting or blocking raw DNS protocol packets.


check with others on how to do this with your operating system whatever it may be

but set your local to static basically hard set your local dns

to airvpns, set your router dns to 0.0.0.0 then each box set your

dns config to static, assign your local ip addresses for each device

this is a real world kill switch meaning you get no net/WAN

without being encrypted, shut off dhcp on the router

your ISP side will be dhcp auto config but your side on the router

will be static

 

this is not perfect, might brick some stuff you are doing or

be a pain in the butt

 

but the idea is this: keep the isp as far as you can out of your local

 


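# flush all rules in the filter, nat and mangle tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
# delete user-defined chains
iptables -X
iptables -t nat -X
iptables -t mangle -X
# default policy: drop inbound and forwarded traffic
iptables -P INPUT DROP
iptables -P FORWARD DROP
# allow replies to established connections and new inbound TCP to ports 80/443
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
# allow loopback access
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# allow traffic to/from 255.255.255.0 and within the 192.168.0.0/24 LAN
iptables -A OUTPUT -d 255.255.255.0 -j ACCEPT
iptables -A INPUT -s 255.255.255.0 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
# forward between the LAN interface and the VPN tunnel
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
# redirect DNS arriving at this box to the VPN resolver;
# the UDP rule is needed because most DNS queries use UDP port 53
iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to 10.5.0.1
iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1
# masquerade traffic leaving through the tunnel
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# never send TCP port 1413 out of eth0 to anything but localhost
iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP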

###############################

example netctl:

Description='eth0 net'
Interface=eth0
Connection=ethernet
IP=static
Address=('192.168.0.5/24')
Gateway='192.168.0.1'
DNS=('10.5.0.1')

################################

say for ddwrt in your services tab assign the ip addresses there
set your lease time

this means you don't have to worry about resolv.conf dns problems

coz your local network is now airvpn dns only

i'm human, make mistakes, forget stuff, brain fart etc so this protects me from

myself, helps keep my ISP on the cable modem only, my router does nothing more than route

nothing fancy, i got a beefy router, does more stupid shit than i know what to do

i run it totally vanilla, a generic turd tbh, i don't even use wifi on it

that isn't ideal or even practical for most, i get that, so mod for what works for you

and your family config, set your boxes for when they boot up, they don't connect to anything

run your iptables, start netctl and you are good

so when my box as example boots up i run iptables script

.xinitrc has everything set to down 

then i run 

netctl start eth0

cd to my airvpn configs folder

stunnel "airvpnserver.ssl" --auth-nocache

then in other terminal window:

openvpn --config "airvpnserver.ovpn" --auth-nocache

no network manager etc i get lost in that stuff anyway

but nothing wrong with using a gui or using network manager or 

modding it so more 'user friendly' etc 

hope this helps
Edited ... by tokzco
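
A way to audit a port-53 redirect like the one in the post above (an added example, not part of the original post): it reads `iptables-save` text and reports which DNS protocols have no DNAT rule to the resolver, for PREROUTING and for the nat OUTPUT chain, since locally generated packets do not pass through PREROUTING. The function name `dns_redirect_gaps` and both sample rule sets are constructed for illustration; 10.5.0.1 is the resolver address used in the post.

```shell
# Added example. Reads `iptables-save` text on stdin and prints the port-53
# protocols (udp, tcp) that have NO DNAT rule to resolver $2 in nat chain $1.
# Exit status is 1 when a protocol is uncovered. -i/-s qualifiers are not evaluated.
dns_redirect_gaps() {
    awk -v chain="$1" -v want="$2" '
        /^\*/ { tbl = substr($0, 2) }            # "*nat", "*filter", ...
        tbl == "nat" && $1 == "-A" && $2 == chain {
            proto = dport = target = dest = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-destination") dest = $(i + 1)
            }
            sub(/:.*/, "", dest)                  # drop an optional :port
            if (dport == "53" && target == "DNAT" && dest == want)
                seen[proto] = 1
        }
        END {
            n = 0
            if (!("udp" in seen)) { print "udp"; n++ }
            if (!("tcp" in seen)) { print "tcp"; n++ }
            exit (n > 0)
        }'
}

# Constructed sample (not captured from a real host): TCP-only redirect.
SAMPLE_TCP_ONLY='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.5.0.1
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT'

# Constructed sample: the same table with a UDP redirect added.
SAMPLE_BOTH='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 10.5.0.1
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.5.0.1
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT'

for chain in PREROUTING OUTPUT; do
    gaps=$(printf '%s\n' "$SAMPLE_BOTH" | dns_redirect_gaps "$chain" 10.5.0.1 | tr '\n' ' ')
    echo "$chain: port-53 protocols without redirect: ${gaps:-none}"
done
```

On a live host the input would come from `iptables-save -t nat` run as root instead of the sample variables.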


I have been using Quad9 with my pfSense setup. I use the DNS over TLS and it passes the DNSSEC with their DNS but not AirVPN's, which I hope works one day.

 

 
