Jump to content


Photo

DNS Server Recommendations

DNS NoLog DNS_Speed

  • Please log in to reply
6 replies to this topic

#1 De Facto Pantalones

De Facto Pantalones

    Advanced Member

  • Members
  • PipPipPip
  • 46 posts

Posted 28 October 2018 - 05:19 AM

I was reading the thread “DNS Confusion” within this DNS Leak sub-category. Funny timing bc I just noticed I was seeing RU and Moldova DNS servers on a recent ipleak.net test. I use OpenDns within my router, then 2 alternate OpenDnS within my Windows adapter (also plugging-in 3 AirVPN DNS Servers w/in adapter).

Id be very grateful for any feedback from folks who can offer up some better ideas than using OpenDNS. I won’t use Google. Im not to keen on 1.1.1.1 or 1.0.0.1. There was something about OpenNic DNS servers I didn’t like, but can’t recall exactly why. I think OpenNic’s DNS servers speed was slower, and Id get random, weird, seemingly inexplicable IPs on my Resource Monitor -before removing the OpenNic servers.

So for US and Canada, can anyone offer up some alternatives to OpenDNS? Ideally, super-fast, no logging DNS servers? :P I want to get rid of OpenDNS

*and, of course if anyone wants to note DNS Server suggestions for other parts of the world, please feel free to post. Maybe this can evolve into a thread where Air Members can come and see some previously unknown but reliable new DNS servers to try out. I liked OpenNic until Id get strange network activity that kinda spooked me, so I 86’d them from my router and adapter.

Thanks in Advance for any feedback! Be Well. DfP

Just a link,
https://twitgoo.com/best-free-dns-servers/

#2 Casper31

Casper31

    Advanced Member

  • Members
  • PipPipPip
  • 127 posts

Posted 28 October 2018 - 11:40 AM

I was reading the thread “DNS Confusion” within this DNS Leak sub-category. Funny timing bc I just noticed I was seeing RU and Moldova DNS servers on a recent ipleak.net test. I use OpenDns within my router, then 2 alternate OpenDnS within my Windows adapter (also plugging-in 3 AirVPN DNS Servers w/in adapter).

Id be very grateful for any feedback from folks who can offer up some better ideas than using OpenDNS. I won’t use Google. Im not to keen on 1.1.1.1 or 1.0.0.1. There was something about OpenNic DNS servers I didn’t like, but can’t recall exactly why. I think OpenNic’s DNS servers speed was slower, and Id get random, weird, seemingly inexplicable IPs on my Resource Monitor -before removing the OpenNic servers.

So for US and Canada, can anyone offer up some alternatives to OpenDNS? Ideally, super-fast, no logging DNS servers? :P I want to get rid of OpenDNS

*and, of course if anyone wants to note DNS Server suggestions for other parts of the world, please feel free to post. Maybe this can evolve into a thread where Air Members can come and see some previously unknown but reliable new DNS servers to try out. I liked OpenNic until Id get strange network activity that kinda spooked me, so I 86’d them from my router and adapter.

Thanks in Advance for any feedback! Be Well. DfP

Just a link,
https://twitgoo.com/best-free-dns-servers/

My sugestion,if you do not use airvpn go with DNS from mullvad . https://mullvad.net/en/guides/dns-leaks/

Mullvad is a respectfull vpn provider.

If you use Airvpn,than look no further.There DNS  is top,in respect to Privacy and free of blockades ,trackings.

For me opennic (https://www.opennic.org/) is also an option.But don't use 8.8.8.8 etc.

Gr,

        Casper


xmpp.airvpn.org ; D70D4969 808093D5 ED232F8A 1764CFBC C020509B


#3 NaDre

NaDre

    Advanced Member

  • Members
  • PipPipPip
  • 420 posts

Posted 28 October 2018 - 02:00 PM

You can run BIND (https://www.isc.org/downloads/bind/) on Windows as your own DNS resolver.

 

Have BIND listen on 127.0.0.1 with something like this:

 

options {
  ...
  listen-on { 127.0.0.1; };
};

Then use 127.0.0.1 as your DNS server.



#4 De Facto Pantalones

De Facto Pantalones

    Advanced Member

  • Members
  • PipPipPip
  • 46 posts

Posted 29 October 2018 - 07:45 PM

My sugestion,if you do not use airvpn go with DNS from mullvad . https://mullvad.net/en/guides/dns-leaks/

Mullvad is a respectfull vpn provider.

If you use Airvpn,than look no further.There DNS  is top,in respect to Privacy and free of blockades ,trackings.

For me opennic (https://www.opennic.org/) is also an option.But don't use 8.8.8.8 etc.

Gr,

        Casper

 

I'm a big fan of AirVPN.  But I did check out Mullvad per your suggestion.  Their VPN looks pretty decent as well.  But yeah, AirVPN is the sh*t (imho).  I appreciate your feedback though, thank you Casper!

 

You can run BIND (https://www.isc.org/downloads/bind/) on Windows as your own DNS resolver.

 

Have BIND listen on 127.0.0.1 with something like this:

 

options {
  ...
  listen-on { 127.0.0.1; };
};

Then use 127.0.0.1 as your DNS server.

 

I may give this BIND a try, thanks!  I was hoping for something a little simpler (but I will look at BIND, for sure).  The only DNS servers Id like to swap find would be a couple to throw into my router (Id like to remove main OpenDNS 208.67.222.222, and 220.220). 

 

Since I'll have guests coming by using WiFi, I don't config my router to connect through AirVPN.  Instead I use Eddie on my machines or OpenVPN (for my mobiles/tablets).  Since I connect PC/Laptops using Eddie via Windows App I was simply hoping to find a couple reputable DNS Servers for my router.

 

By the way, are Air's DNS Servers noted anywhere on the website?   I can't find them.  Going from memory, is this the extent of them:

10.30.0.1

10.4.0.1

10.50.0.1

10.6.0.1

10.7.0.1

10.9.0.1

 

I'll give BIND a look to see if it works well for my configuration.  Thanks again! 

 

But if anyone cares to suggest a couple US/Canada DNS Servers simply to plug into a router (fast AF, no logs ideal :P ), I'd be grateful.  Then I'll use strictly AirVPN DNS w/in Windows Adapter).  Thanks for your time Casper and NaDre.  Greatly appreciated! 

DfP 



#5 NaDre

NaDre

    Advanced Member

  • Members
  • PipPipPip
  • 420 posts

Posted 29 October 2018 - 09:13 PM

...

I'll give BIND a look to see if it works well for my configuration.
...

 
If you were using DNSCrypt to access OpenDNS, then you had encryption of your DNS packets. So your ISP could not see their contents.
 
BIND just does the raw DNS protocol. Directly accessing the domain root servers. No encryption by BIND. But when you are using the VPN, the packets to and from BIND will go over the VPN.
 
While your ISP may log your DNS requests in their DNS server, or block some queries there, I doubt that they are inspecting or blocking raw DNS protocol packets.

#6 cm0s

cm0s

    Advanced Member

  • Members
  • PipPipPip
  • 301 posts

Posted 30 October 2018 - 10:17 AM

check with others on how to do this with your operating system whatever it may be

but set your local to static basically hard set your local dns

to airvpns, set your router dns to 0.0.0.0 then each box set your

dns config to static, assign your local ip addresses for each device

this is a real world kill switch meaning you get no net/WAN

without being encrypted, shut off dhcp on the router

your ISP side will be dhcp auto config but your side on the router

will be static

 

this is not perfect, might brick some stuff you are doing or

be a pain in the butt

 

but the idea is this: keep the isp as far as you can out of your local

 


iptables -F
iptables -t nat -F
iptables -t mangle -F
#
iptables -X
iptables -t nat -X
iptables -t mangle -X
# 
iptables -P INPUT DROP
iptables -P FORWARD DROP
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT 
#
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access
#
iptables -A OUTPUT -d 255.255.255.0 -j ACCEPT 
iptables -A INPUT -s 255.255.255.0 -j ACCEPT 
iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT 
iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT 
iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to 10.5.0.1 
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE 
iptables -A OUTPUT -o eth0 ! -d 127.0.0.1 -p tcp --dport 1413 -j DROP 

###############################

example netctl:

Description='eth0 net'
Interface=eth0
Connection=ethernet
IP=static
Address=('192.168.0.5/24')
Gateway='192.168.0.1'
DNS=('10.5.0.1')

################################

say for ddwrt in your services tab assign the ip addresses there
set your lease time

this means you don't have to worry about resolv.conf dns problems

coz your local network is now airvpn dns only

i'm human, make mistakes, forget stuff, brain fart etc so this protects me from

myself, helps keep my ISP on the cable modem only, my router does nothing more than route

nothing fancy, i got a beefy router, does more stupid shit than i know what to do

i run it totally vanilla, a generic turd tbh, i don't even use wifi on it

that isn't ideal or even practical for most, i get that, so mod for what works for you

and your family config, set your boxes for when they boot up, they don't connect to anything

run your iptables, start netctl and you are good

so when my box as example boots up i run iptables sript

.xinitrc has everything set to down 

then i run 

netctl start eth0

cd to my airvpn configs folder

stunnel "airvpnserver.ssl" --auth-nocache

then in other termina window:

openvpn --config "airvpnserver.ovpn" --auth-nocache

no network manager etc i get lost in that stuff anyway

but nothing wrong with using a gui or using network manager or 

modding it so more 'user friendly' etc 

hope this helps

Edited by tokzco, 04 November 2018 - 06:38 AM.


#7 Air4141841

Air4141841

    Advanced Member

  • Members
  • PipPipPip
  • 62 posts

Posted Yesterday, 01:34 PM

i have been using quad 9 with my pfsense setup.    i use the dns over tls and it passes the dnsec with their DNS but not airvpn's which i hope works one day.

 

 






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 14340 - BW: 49261 Mbit/sYour IP: 54.167.18.170Guest Access.