Author: tito
Date:
To: dng
Subject: Re: [DNG] web conferencing software (was Re: Any interest in a Devuan Meetup in Colorado Springs or Denver?)
On Tue, 9 Mar 2021 23:02:31 -0800
Rick Moen <rick@???> wrote:

> Quoting tito via Dng (dng@???):
>
> > Hi,
> > just for fast information, is it enough for unbound to remove:
> >
> > forward-zone:
> >         #forward-first: yes
> >         name: "."
> >         forward-tls-upstream: yes
> >         forward-addr: 1.1.1.1@853#cloudflare-dns.com
> >         forward-addr: 1.0.0.1@853#cloudflare-dns.com
> >         forward-addr: 8.8.4.4@853#dns.google
> >         forward-addr: 8.8.8.8@853#dns.google
> >         forward-addr: 9.9.9.9@853#dns.quad9.net
> >         forward-addr: 185.222.222.222@853#dns.sb
> >         forward-addr: 185.184.222.222@853#dns.sb
>
> Answer below.
>
> > Does it make sense to keep:
> >
> > server:
> >         tls-upstream: yes
> >         tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
>
> On that: yes.
>
> On the former question, er, I'm actually a bit nonplussed about why
> those forwarder lines are in your configuration file in the first
> place.
>
> Forgive me, but it's rather late at night in my time zone, and I am
> not at peak alertness, _but_ my guess is that Unbound got set up
> somehow configured to forward outbound recursive queries to those
> entities, leaving me perplexed about why anyone would do that.


Just by following one of the many tutorials out there.
Initially I was just interested in using DNS to filter out adservers
and the like.

> That having been said, I personally would definitely _not_ want to
> have that configuration detail in my recursive nameserver state,
> without an extremely compelling reason, because doing that appears to
> largely defeat the entire purpose of running one's own recursive
> nameserver. Analogously, it would be like setting up a fully capable
> SMTP smarthost on a stable public IP address with free routing to
> 25/tcp anywhere in the world, but then configuring it to forward all
> outbound SMTP traffic to an untrustworthy ISP external mail host.
> Which would lead one to wonder, why?
>
> I hope that helps. I have no idea what else you might have in your
> configuration that ought not to be there, obviously.
>
>
> > I ask because after reading the thread I've tried on one
> > of my home's net DNS servers and it worked (I could browse the web)
> > but browsing speed was noticeably slower. Does it improve
> > in the long run or do we have to choose between
> > privacy and speed?
>
> I'm seriously not sure why operating a local recursive nameserver
> would be expected to reduce speed. Obviously, at initial startup of
> that process, it has nothing yet in cache and needs to do some
> queries of often-used FQDNs, but I would expect that it would very
> quickly improve DNS performance over _any_ nameserver on the far side
> of your uplink, because obviously your speed of local DNS resolution
> is really fast relative to your uplink, right?
>


I will try and report about this in a few days.

Thanks,
Tito
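
Added example, not part of the original message and not Unbound's own code: a Python check that lists the upstream resolvers an unbound.conf sends every query to, that is, the forward-addr entries of a forward-zone named ".", the setting discussed in the thread. It assumes one clause or attribute per line and that `#` opens a comment only at line start or after whitespace; the sample configuration, the `lan.example` zone and the function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of the configuration quoted in the message.
SAMPLE_CONF = """\
server:
        tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
        #forward-first: yes
        name: "."
        forward-tls-upstream: yes
        forward-addr: 1.1.1.1@853#cloudflare-dns.com
        forward-addr: 9.9.9.9@853#dns.quad9.net
forward-zone:
        name: "lan.example"   # constructed internal zone
        forward-addr: 192.0.2.53
"""

CLAUSE = re.compile(r"^([a-z-]+):$")          # e.g. "server:" or "forward-zone:"
ATTR = re.compile(r"^([a-z0-9-]+):\s*(.+)$")  # e.g. "name: ."

def parse_clauses(text):
    """Return [(clause_name, [(key, value), ...]), ...] in file order."""
    clauses = []
    for raw in text.splitlines():
        # Assumption: '#' is a comment only at line start or after whitespace,
        # so the '#' before the TLS name in a forward-addr value is kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        m = CLAUSE.match(line)
        if m:
            clauses.append((m.group(1), []))
            continue
        m = ATTR.match(line)
        if m and clauses:
            clauses[-1][1].append((m.group(1), m.group(2).strip().strip('"')))
    return clauses

def root_forwarders(text):
    """Upstreams that receive every query: entries of a forward-zone named '.'."""
    found = []
    for clause, attrs in parse_clauses(text):
        names = [v for k, v in attrs if k == "name"]
        if clause == "forward-zone" and "." in names:
            found += [v for k, v in attrs if k in ("forward-addr", "forward-host")]
    return found

if __name__ == "__main__":
    for upstream in root_forwarders(SAMPLE_CONF):
        print("all queries forwarded to:", upstream)
```

An empty result means no catch-all forwarder is configured; forward zones for specific names, such as the constructed `lan.example`, are not reported.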