Firefox with Ublock Origin, Router forwarded DNS over TLS to NextDNS. Plus firewall rules to forward all DNS from LAN to the router, on mobile same browser and using Android native DNS over TLS forward to NextDNS
Well, you will always need an upstream DNS server to surf the internet. Even your DNS server in your LAN needs an upstream DNS server or it can’t resolve domain names. This means whatever upstream DNS server you use you need trust it. Imo NextDNS is a good choice here.
But tbh NextDNS is the least good one. I use pihole with 1.1.1.1 upstream. I mean Nextdns could literally remove a “sponsor” from ur blacklist without ur knowledge. On local blocker not
Yes, but they don’t. That’s where I have to criticize NextDNS. It feels like the devs just let it run but stopped development. They still even offer a block list called “Energized” which is dead with all entries removed since I think 2021. They just don’t care about updating anything. Don’t get me wrong because I still like NextDNS very much. It’s working completely fine as it is right now but it’s just not getting updates (anymore).
My problem with a Pi-hole is that it only works in your LAN. You can’t make use of it on your phone when you’re not at home. This is where NextDNS is better. You might wanna use NextDNS only on your mobile devices. 300,000 queries per month are free anyway. Or just use RethinkDNS which is completely free right now but you need their app to have a white- and blacklist.
True but a VPN connection drains your phone’s battery quite well. That’s why I never liked that option and prefer just using a DNS server with adblocking feature since it has 0 impact on your phone’s bettery life.
Not really as long as you use some VPN that’s not braindead stupid like OpenVPN. Wireguard is the perfect protocol, there’s almost no overhead since it doesn’t need keepalive packets or anything and there’s no handshake beyond the initial connection either.
I’ve read reports of 3% to 10% battery usage with Wireguard on smartphones. To me even 1% would be too much but maybe that’s not the case for you. I don’t mind paying 2 bucks a month for a great product that is extremely simple to set up. If you prefer the way with Wireguard + Pi-hole than that’s of course fine. To each their own.
Root hints are DNS data stored in a DNS server. The root hints provide a list of preliminary resource records that can be used by the DNS service to locate other DNS servers that are authoritative for the root of the DNS domain namespace tree.
This just means that your local DNS server doesn’t need to use the root DNS servers to resolve domain names but instead uses other authorative DNS servers in the internet to resolve your queries. So anyway you have to trust an upstream DNS server owned by someone else in the internet. There’s no way around it unless you use hyperlocal.
It means they can snoop ur dns queries. ( and they will do or how they pay their bills? ) It means a lot. Tbh i dont understand people like you. “It doesnt mean as much…” inderect saying “I dont have to hide something” Oh can i watch you on the toilet? Because you dont have anything to hide :)
I said nothing about not having anything to hide. I said it doesn’t mean much. dns resolvers were intended to be cloud based. the only difference between nextdns and standard dns resolvers is the control over function nextdns hands the user.
using cloud services also allows home devices to stay secured via keeping ports closed. the whole “the cloud is someone else’s computer” is just another way of saying “I don’t know how to practice good opsec”.
your isp/vpn provider also can log all your data, or are you going to suggest running everything over tor now?
a dns query does not send that much info since all the contained data from site to user is encrypted and takes network routes separate from the DNS query.
Firefox with Ublock Origin, Router forwarded DNS over TLS to NextDNS. Plus firewall rules to forward all DNS from LAN to the router, on mobile same browser and using Android native DNS over TLS forward to NextDNS
NextDNS is in the cloud, the cloud is just someone elses computer. You have to trust it really hard.
Well, you will always need an upstream DNS server to surf the internet. Even your DNS server in your LAN needs an upstream DNS server or it can’t resolve domain names. This means whatever upstream DNS server you use you need trust it. Imo NextDNS is a good choice here.
But tbh NextDNS is the least good one. I use pihole with 1.1.1.1 upstream. I mean Nextdns could literally remove a “sponsor” from ur blacklist without ur knowledge. On local blocker not
Yes, but they don’t. That’s where I have to criticize NextDNS. It feels like the devs just let it run but stopped development. They still even offer a block list called “Energized” which is dead with all entries removed since I think 2021. They just don’t care about updating anything. Don’t get me wrong because I still like NextDNS very much. It’s working completely fine as it is right now but it’s just not getting updates (anymore).
My problem with a Pi-hole is that it only works in your LAN. You can’t make use of it on your phone when you’re not at home. This is where NextDNS is better. You might wanna use NextDNS only on your mobile devices. 300,000 queries per month are free anyway. Or just use RethinkDNS which is completely free right now but you need their app to have a white- and blacklist.
You can usea VPN to connect to your home network and use your pihole there.
You can just host pihole on a cloud server and get it with that ;)
True but a VPN connection drains your phone’s battery quite well. That’s why I never liked that option and prefer just using a DNS server with adblocking feature since it has 0 impact on your phone’s bettery life.
Not really as long as you use some VPN that’s not braindead stupid like OpenVPN. Wireguard is the perfect protocol, there’s almost no overhead since it doesn’t need keepalive packets or anything and there’s no handshake beyond the initial connection either.
I’ve read reports of 3% to 10% battery usage with Wireguard on smartphones. To me even 1% would be too much but maybe that’s not the case for you. I don’t mind paying 2 bucks a month for a great product that is extremely simple to set up. If you prefer the way with Wireguard + Pi-hole than that’s of course fine. To each their own.
A DNS server can use root hints to resolve addresses rather than needing an upstream DNS server.
Source
This just means that your local DNS server doesn’t need to use the root DNS servers to resolve domain names but instead uses other authorative DNS servers in the internet to resolve your queries. So anyway you have to trust an upstream DNS server owned by someone else in the internet. There’s no way around it unless you use hyperlocal.
this doesn’t mean as much as you think it does.
It means they can snoop ur dns queries. ( and they will do or how they pay their bills? ) It means a lot. Tbh i dont understand people like you. “It doesnt mean as much…” inderect saying “I dont have to hide something” Oh can i watch you on the toilet? Because you dont have anything to hide :)
I said nothing about not having anything to hide. I said it doesn’t mean much. dns resolvers were intended to be cloud based. the only difference between nextdns and standard dns resolvers is the control over function nextdns hands the user.
using cloud services also allows home devices to stay secured via keeping ports closed. the whole “the cloud is someone else’s computer” is just another way of saying “I don’t know how to practice good opsec”.
your isp/vpn provider also can log all your data, or are you going to suggest running everything over tor now?
a dns query does not send that much info since all the contained data from site to user is encrypted and takes network routes separate from the DNS query.
using cloud services to keep ports closed. U know what the dns server needs to go through ports.
I never told u that i am not overly dramatic over privacy but nextdns is just a bad choice.
VPNs are just honeypots change my mind
you’re a moron change mine.
You are just an apple fanboy change your address
I don’t own an apple product lmao what. actually that’s a lie, I use an old iPhone X as a remote for my chromecast.
It’s the exact same how I use it. Imo this is the best solution.