Whis DNS Provider does Sup Forums use?

>anno 2017
not using dnscrypt

Can someone explain to me DNS? I don't know much honestly. Also why should I change it?

forum.pfsense.org/index.php?topic=78446.0

Google.com

Yandex.DNS
dns.yandex.com/

>using Google

>Can you make encrypted requests to the root dns servers?
No

185.121.177.177
185.121.177.53
142.4.205.47
142.4.204.111

comodo, norton, open :all are logging

Cant encrypt the requests but you could have an external dns server on a virtual server somewhere and encrypt that to your home.

>Russia
the enemy of your enemy is not your friend, user

8.8.8.8 8.8.4.4
it just werks

OpenDNS

I think it's fine (:

so does nsa.gov

I use dnscrypt with the opendns servers

how do I switch them to something else in the csv

why do I have to run dns-fix and restart dnscrypt every time I boot up?

Stupid question, but does it realy matter which DNS server you use? If your ISP is logging your browsing data will it matter where you resolve names to IPs?

One, if you use a VPN then your ISP can't see what IPs you connect to - beyond one address in a datacenter somewhere.
Two, even if you don't use a VPN, DNS is the preferred point for ISP spying and interference because by default its in plain text and goes to a server the ISP controls. That's a much easier and more precise way to collect data than monitoring IPs that you connect to. Remember one IP doesn't necessarily equal one site. Load balancers and CDNs among other things get in the way of that one-to-one relationship.

If DNS traffic is in plain unauthenticated text, an ISP can easily spoof it, too. They can just hijack your DNS traffic, even if you're using a server other than theirs, and do what they want with it. You wouldn't have a way to either detect or stop this. DNSSec authenticates but doesn't encrypt DNS queries, which would let the ISP monitor them but not alter them. DNSCrypt actually encrypts them, shutting down both tampering and monitoring.

If you have your own box .. setup named and resolve yourself.

You could use Tor from torproject.

It totally matters, depending on country. Norway censors a lot of websites, "torrent" sites is their main excuse but they censor all sorts of political content too. When I was there and checked the ISP only lied on their own default DNS servers.

I suspect a lot of logging and monitoring is also done by just at DNS servers. I know it sounds stupid but it works for the vast majority who don't know what a DNS server is.

>>I suspect a lot of logging and monitoring is also done by just at DNS servers. I know it sounds stupid but it works for the vast majority who don't know what a DNS server is.
Happened in Turkey a while back. The government tried to block access to a lot of social media sites while protests were going on. It was done with DNS, there were pictures in the news of graffiti saying "change your DNS to 8.8.8.8"

DNS-based blocking is simple, fast, and easy for an ISP to do. You could do it by IP, but then you're fucking with routing, and that's both more difficult and runs a higher risk of breaking other things. It's also defeatable, with VPNs, proxies, etc.

Maybe use a raspberry?

I use Google's DNS

dnscrypt.org/
thesimplecomputer.info/a-list-of-dns-service-providers

check fastest with
grc.com/dns/benchmark.htm

OpenDNS.

I can run DNSCrypt with every DNS provider that supports it, right?

Would it be worth running my own on a raspberry or some other low power device?

On a related note...

Would it be possible to replace my cisco botnet cable modem, that I got from my ISP, with some kind of gateway device that would send the cable signal directly to my pfsense router?