:: Re: [DNG] Mozilla and cloudflare to…
Top Pagina
Delete this message
Reply to this message
Auteur: Steve Litt
Datum:  
Aan: dng
Onderwerp: Re: [DNG] Mozilla and cloudflare to hijack all your DNS requests - for your own good of course
On Sun, 9 Sep 2018 13:24:41 -0700
Rick Moen <rick@???> wrote:

> Quoting Steve Litt (slitt@???):
>
> > Hi Taiidan,
> >
> > I wouldn't use Firefox if it were the last browser on earth. If you
> > take Firefox out of the equation, are the Cloudflare public DNS
> > servers any less secure or more problematic than the Google ones or
> > the Hurricane electric ones, etc?
> >
> > https://www.lifewire.com/free-and-public-dns-servers-2626062
>
> You already know my view: Why outsource your recursive DNS to anyone,
> let alone some bunch of people you know nothing about?
>
> Running local recursive service is inherently more reliable, more
> secure, and better performing than any remote outsourced offering run
> by some bunch of strangers.


Yes. I'm running Unbound on all my boxes now. My question is, though,
is cloudflare public DNS specifically worse in any way than, let's
say Google Public DNS at 8.8.8.8 and 8.8.4.4. With its 1.1.1.1,
Cloudflare is certainly memorable.

Some folks don't have what it takes to install their own caching DNS
server, even one as simple as Unbound, and therefore I think they're
better off with a known-decent public DNS than the DNS DHCP-recommended
by whatever hotspot they happen to be passing. Obviously, having them
run their own caching DNS server on their own laptop is the best of all
possible worlds, especially if the DNS server keeps its cache between
uses.

Keeping cache between uses takes some doing with Unbound, but I
think a second daemon could archive its cache once every couple
minutes, and Unbound's run script could be tweaked to wait 10 seconds
after start and then load the archived cache.

SteveT

Steve Litt
September 2018 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz