Do you have your own DNS Servers

[x-x 0]

Hello - I am a complete novice when it comes to DNS.  I have been using Cloudflare 1.1.1.1 - 1.0.0.1 to connect my router and OS to the internet. I am concerned about being tracked and would like to know, do you have your own IP DNS numbers for IPV4 + IPV6 that we can use?

Thank you

Edited ... by x-x

[OpenSourcerer 1435]

4 hours ago, x-x said:

I am concerned about being tracked

You will always be tracked, neither VPN nor DNS servers will help you with that. What you can do is minimize the impact.

I'm running a PiHole in the network. Upstream servers are my ISP's, Quad9 and two from OpenNIC. Some people use Google Public DNS or OpenDNS, I'd avoid those.

[x-x 0]

Thank you for your reply Opnsourcerer.  I will look into your method to understand a bit more about it.  I have seen some No Logs DNS servers that look legitimate; I will give those a go later.  It is interesting that security around not being tracked 100% has still not been perfected.

PS, I would never use google unless I wanted to be tracked, for example for business purposes.

[rx_man123 6]

On 10/6/2022 at 11:17 AM, OpenSourcerer said:

You will always be tracked, neither VPN nor DNS servers will help you with that. What you can do is minimize the impact.

I'm running a PiHole in the network. Upstream servers are my ISP's, Quad9 and two from OpenNIC. Some people use Google Public DNS or OpenDNS, I'd avoid those.

Why not AirVPN's DNS servers?

[OpenSourcerer 1435]

On 8/19/2023 at 3:37 PM, rx_man123 said:

Why not AirVPN's DNS servers?

Because that necessitates running a VPN connection, which necessitates monitoring it and reacting to incidents, even if not at home. Which might necessitate investing time at the most untimely of times – right when I need them but can't use them.

[go558a83nk 362]

1 hour ago, OpenSourcerer said:

Because that necessitates running a VPN connection, which necessitates monitoring it and reacting to incidents, even if not at home. Which might necessitate investing time at the most untimely of times – right when I need them but can't use them.

last I looked there's somebody that's been connected since last Christmas to the same server.  I think the servers are reliable enough to use them ;)

[OpenSourcerer 1435]

8 minutes ago, go558a83nk said:

last I looked there's somebody that's been connected since last Christmas to the same server.  I think the servers are reliable enough to use them ;) 

That they are. But I didn't question that to begin with, did I? ;)

[Crewman6639 4]

On 10/6/2022 at 11:43 AM, x-x said:

Hello - I am a complete novice when it comes to DNS.  I have been using Cloudflare 1.1.1.1 - 1.0.0.1 to connect my router and OS to the internet. I am concerned about being tracked and would like to know, do you have your own IP DNS numbers for IPV4 + IPV6 that we can use?

I have pi-hole setup as a recursive dns server using unbound and then I use Mullvad as my DoT provider. This way you get the benefit of no one server being able to fully log the exact paths you’re going by setting up unbound as a recursive DNS. This is important as all DNS requests are sent to authoritative servers in plain text.

Then by using a DNS provider for DoT/DoH, you are also encrypting traffic in transit, which provides privacy from your service provider..

If you are interested in doing something like that check out pihole unbound guide.

after setting up unbound edit

/etc/unbound/unbound.conf.d/pi-hole.conf

and add the following for DoT
 

tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt

    forward-zone:
     name: "."
     forward-tls-upstream: yes
     # Cloudflare
     forward-addr: 1.1.1.1@853
     forward-addr: 1.0.0.1@853

You can then check to see if it worked using 1.1.1.1/help or if you choose a different provider, they usually have their own page you can check.

The other added benefit of DoT/DoH as it seems to fix the issue Windows has with leaking DNS when using something like pi-hole (instead of AirVPN DNS). Now when I have it setup with the Eddie Client only the Mullvad DNS servers show up.

[firefox154 0]

There's no way to avoid being tracked, if you do care about the privacy, why not use port forwarding + reverse proxy?

Edited ... by firefox154

[reversevpn 4]

Well, if you are connected to AirVPN via Wireguard, you can set your DNS server to 10.128.0.1. This holds regardless of which AirVPN server you are connected to, as long as you are using Wireguard. By running AirVPN on your wifi router or between your wifi router and your ISP, you can directly replace cloudflare with AirVPN. I use a script like this to automatically switch between AirVPN servers whenever any of them go down.
I hereby release this bash script for all to use under the 0BSD license.
You can add as many AirVPN servers as you like to maximize reliability, but I find that 5 are enough for me.
This script simply ping-tests  the currently connected AirVPN server. The moment the current AirVPN server fails to respond within 0.5 seconds, the router switches to a different AirVPN server. This will keep your DNS running as long as at least 1 of the AirVPN servers you put into rotation are still working.