[kwlug-disc] CCC talk about DNS(ystem)

Doug Moen doug at moens.org
Thu Apr 9 06:57:54 EDT 2020


The question is: what if I don't rely on somebody else's DNS server, but instead run my own? Let's say I don't rely on my ISP's server, or on Google's 8.8.8.8 server, or on 1.1.1.1, or on CIRA's server, but instead run my own. Let's assume I am sophisticated enough to use the non-consumer-grade routers advocated by other KWLUG members, and that I am capable of running my own instance of BIND as a recursive DNS server.

The criticism people make of using someone else's DNS server is that they can see all of your traffic, they might be recording all that information and profiling you, and they might be blocking access to some domains or inserting advertising by redirecting requests. A previous post asked why we should trust CIRA's server. So what if you run your own server? Does anybody here do that for the reasons I just mentioned?

On Thu, Apr 9, 2020, at 2:09 AM, Chris Irwin wrote:
> On Thu, Apr 09, 2020 at 12:48:23AM +0000, Doug Moen wrote:
> 
> >What are the privacy and security implications of running your own DNS 
> >server (BIND), as opposed to relying on your ISP's DNS servers?
> 
> You may already have a local caching DNS server if you're using a 
> consumer router (dnsmasq, likely, instead of BIND). By default, it will 
> just forward requests to your ISP, but you can change that in pretty 
> much any router. (Whether you can enable/enforce DoT or DoH lookups on 
> your router really depends on the firmware, and probably isn't common).
> 
> DoT would require you to configure your system to use it (applications 
> have no control over it). That is one of several reasons DoH is gaining 
> support in browsers, because Firefox can add encrypted DNS lookups into 
> the software (and get more information about the responses as well) 
> without "hoping" the system does it (most don't).
> 
> -- 
> Chris Irwin
> 
> email:   chris at chrisirwin.ca
>   xmpp:   chris at chrisirwin.ca
>    web: https://chrisirwin.ca
> 