De Facto Pantalones 12 Posted ... I was reading the thread “DNS Confusion” within this DNS Leak sub-category. Funny timing bc I just noticed I was seeing RU and Moldova DNS servers on a recent ipleak.net test. I use OpenDns within my router, then 2 alternate OpenDnS within my Windows adapter (also plugging-in 3 AirVPN DNS Servers w/in adapter). Id be very grateful for any feedback from folks who can offer up some better ideas than using OpenDNS. I won’t use Google. Im not to keen on 1.1.1.1 or 1.0.0.1. There was something about OpenNic DNS servers I didn’t like, but can’t recall exactly why. I think OpenNic’s DNS servers speed was slower, and Id get random, weird, seemingly inexplicable IPs on my Resource Monitor -before removing the OpenNic servers. So for US and Canada, can anyone offer up some alternatives to OpenDNS? Ideally, super-fast, no logging DNS servers? I want to get rid of OpenDNS *and, of course if anyone wants to note DNS Server suggestions for other parts of the world, please feel free to post. Maybe this can evolve into a thread where Air Members can come and see some previously unknown but reliable new DNS servers to try out. I liked OpenNic until Id get strange network activity that kinda spooked me, so I 86’d them from my router and adapter. Thanks in Advance for any feedback! Be Well. DfP Just a link,https://twitgoo.com/best-free-dns-servers/ Quote Share this post Link to post
Casper31 73 Posted ... I was reading the thread “DNS Confusion” within this DNS Leak sub-category. Funny timing bc I just noticed I was seeing RU and Moldova DNS servers on a recent ipleak.net test. I use OpenDns within my router, then 2 alternate OpenDnS within my Windows adapter (also plugging-in 3 AirVPN DNS Servers w/in adapter). Id be very grateful for any feedback from folks who can offer up some better ideas than using OpenDNS. I won’t use Google. Im not to keen on 1.1.1.1 or 1.0.0.1. There was something about OpenNic DNS servers I didn’t like, but can’t recall exactly why. I think OpenNic’s DNS servers speed was slower, and Id get random, weird, seemingly inexplicable IPs on my Resource Monitor -before removing the OpenNic servers. So for US and Canada, can anyone offer up some alternatives to OpenDNS? Ideally, super-fast, no logging DNS servers? I want to get rid of OpenDNS *and, of course if anyone wants to note DNS Server suggestions for other parts of the world, please feel free to post. Maybe this can evolve into a thread where Air Members can come and see some previously unknown but reliable new DNS servers to try out. I liked OpenNic until Id get strange network activity that kinda spooked me, so I 86’d them from my router and adapter. Thanks in Advance for any feedback! Be Well. DfP Just a link,https://twitgoo.com/best-free-dns-servers/My sugestion,if you do not use airvpn go with DNS from mullvad . https://mullvad.net/en/guides/dns-leaks/Mullvad is a respectfull vpn provider.If you use Airvpn,than look no further.There DNS is top,in respect to Privacy and free of blockades ,trackings.For me opennic (https://www.opennic.org/) is also an option.But don't use 8.8.8.8 etc.Gr, Casper 1 De Facto Pantalones reacted to this Quote Share this post Link to post
NaDre 157 Posted ... You can run BIND (https://www.isc.org/downloads/bind/) on Windows as your own DNS resolver. Have BIND listen on 127.0.0.1 with something like this: options { ... listen-on { 127.0.0.1; }; }; Then use 127.0.0.1 as your DNS server. 1 De Facto Pantalones reacted to this Quote Share this post Link to post
De Facto Pantalones 12 Posted ... My sugestion,if you do not use airvpn go with DNS from mullvad . https://mullvad.net/en/guides/dns-leaks/Mullvad is a respectfull vpn provider.If you use Airvpn,than look no further.There DNS is top,in respect to Privacy and free of blockades ,trackings.For me opennic (https://www.opennic.org/) is also an option.But don't use 8.8.8.8 etc.Gr, Casper I'm a big fan of AirVPN. But I did check out Mullvad per your suggestion. Their VPN looks pretty decent as well. But yeah, AirVPN is the sh*t (imho). I appreciate your feedback though, thank you Casper! You can run BIND (https://www.isc.org/downloads/bind/) on Windows as your own DNS resolver. Have BIND listen on 127.0.0.1 with something like this: options { ... listen-on { 127.0.0.1; }; }; Then use 127.0.0.1 as your DNS server. I may give this BIND a try, thanks! I was hoping for something a little simpler (but I will look at BIND, for sure). The only DNS servers Id like to swap find would be a couple to throw into my router (Id like to remove main OpenDNS 208.67.222.222, and 220.220). Since I'll have guests coming by using WiFi, I don't config my router to connect through AirVPN. Instead I use Eddie on my machines or OpenVPN (for my mobiles/tablets). Since I connect PC/Laptops using Eddie via Windows App I was simply hoping to find a couple reputable DNS Servers for my router. By the way, are Air's DNS Servers noted anywhere on the website? I can't find them. Going from memory, is this the extent of them:10.30.0.110.4.0.110.50.0.110.6.0.110.7.0.110.9.0.1 I'll give BIND a look to see if it works well for my configuration. Thanks again! But if anyone cares to suggest a couple US/Canada DNS Servers simply to plug into a router (fast AF, no logs ideal ), I'd be grateful. Then I'll use strictly AirVPN DNS w/in Windows Adapter). Thanks for your time Casper and NaDre. Greatly appreciated! DfP Quote Share this post Link to post
NaDre 157 Posted ... ... I'll give BIND a look to see if it works well for my configuration. ... If you were using DNSCrypt to access OpenDNS, then you had encryption of your DNS packets. So your ISP could not see their contents. BIND just does the raw DNS protocol. Directly accessing the domain root servers. No encryption by BIND. But when you are using the VPN, the packets to and from BIND will go over the VPN. While your ISP may log your DNS requests in their DNS server, or block some queries there, I doubt that they are inspecting or blocking raw DNS protocol packets. Quote Share this post Link to post
cm0s 118 Posted ... (edited) check with others on how to do this with your operating system whatever it may bebut set your local to static basically hard set your local dnsto airvpns, set your router dns to 0.0.0.0 then each box set yourdns config to static, assign your local ip addresses for each devicethis is a real world kill switch meaning you get no net/WANwithout being encrypted, shut off dhcp on the routeryour ISP side will be dhcp auto config but your side on the routerwill be static this is not perfect, might brick some stuff you are doing orbe a pain in the butt but the idea is this: keep the isp as far as you can out of your local iptables -F iptables -t nat -F iptables -t mangle -F # iptables -X iptables -t nat -X iptables -t mangle -X # iptables -P INPUT DROP iptables -P FORWARD DROP # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT # iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access # iptables -A OUTPUT -d 255.255.255.0 -j ACCEPT iptables -A INPUT -s 255.255.255.0 -j ACCEPT iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP ############################### example netctl: Description='eth0 net' Interface=eth0 Connection=ethernet IP=static Address=('192.168.0.5/24') Gateway='192.168.0.1' DNS=('10.5.0.1') ################################ say for ddwrt in your services tab assign the ip addresses there set your lease time this means you don't have to worry about resolv.conf dns problems coz your local network is now airvpn dns only i'm human, make mistakes, forget stuff, brain fart etc so this protects me from myself, helps keep my ISP on the cable modem only, my router does nothing more than route nothing fancy, i got a beefy router, does more stupid shit than i know what to do i run it totally vanilla, a generic turd tbh, i don't even use wifi on it that isn't ideal or even practical for most, i get that, so mod for what works for you and your family config, set your boxes for when they boot up, they don't connect to anything run your iptables, start netctl and you are good so when my box as example boots up i run iptables sript .xinitrc has everything set to down then i run netctl start eth0 cd to my airvpn configs folder stunnel "airvpnserver.ssl" --auth-nocache then in other termina window: openvpn --config "airvpnserver.ovpn" --auth-nocache no network manager etc i get lost in that stuff anyway but nothing wrong with using a gui or using network manager or modding it so more 'user friendly' etc hope this helps Edited ... by tokzco 1 win8 reacted to this Quote Share this post Link to post
Air4141841 25 Posted ... i have been using quad 9 with my pfsense setup. i use the dns over tls and it passes the dnsec with their DNS but not airvpn's which i hope works one day. Quote Share this post Link to post