Author: Didier Kryn
Date:
To: dng
Subject: Re: [DNG] hijacking resolv.conf - possible fix?
On 30/03/2025 at 21:22, Marjorie Roome via Dng wrote:
> Yes my Resolv.conf is fixed because it simply points to dnscrypt-proxy
> (127.0.0.1:53) which is a DNS proxy running on my own machine and that
> then uses a choice of DNS resolvers which are dynamic.
>
> It finds DNS servers from a list that you can control.
> You can have a fixed list and a fallback, such as 9.9.9.9 but it
> normally looks for nearby DNS servers, that in my cases are limited to
> ones that are non-logging, are dnssec, use doh or dnscrypt (so lookup
> is encrypted in transit) and then load balances between the quickest
> few based on latency, so not all queries are sent to one resolver
> anyway.
May I ask where one can find a list of close-by DNS servers and how
they work?
I understand DOH is a good protection from malignant hackers, but,
AFAIU, it links to Google or Amazon servers, which I consider malignant
as well. Or is there a way to avoid or fool them?
It was common, about 20 years ago, to be redirected to porn sites
when a DNS request failed, but it seems to me that this issue has
completely disappeared, at least in my country. OTOH I can understand
that, under some political regimes, people may prefer to be monitored by
Google rather than their own government.
> On my fixed PC I only refresh these latencies and hence preferred
> resolvers every 4 hours but you might want to do something different on
> a laptop that moves around.
>
> Dnscrypt-proxy also caches queries.
>
> And I can and do also choose from a selection of blocklists that block
> the usual subjects. I can override these with an allowlist in the event
> there is a website I need that would otherwise not work.
So, if I understand correctly, your goal is to protect yourself
from having your requests monitored and/or redirected by malignant
hackers, which is not the same goal as people who want essentially to
protect themselves against ads.
We then have two motivations to run one's own DNS server, though
I'm not sure it's possible to achieve both; is it?
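The thread's subject is resolv.conf being hijacked, and Marjorie's fix is a resolv.conf that only ever points at a local dnscrypt-proxy listener. As an added example (not code from the thread or from the dnscrypt-proxy project), here is a small check that parses resolv.conf the way glibc reads it (comments, `search`/`options` lines, an optional IPv6 zone index) and reports any nameserver that is not a loopback address, which is what a DHCP client or network manager typically writes in when it takes the file over. The two sample file contents are constructed for the example; on a real system you would point it at /etc/resolv.conf.

```python
"""Added example (not from the dng thread): verify that resolv.conf points only at a
local resolver such as dnscrypt-proxy on 127.0.0.1:53, and list any nameserver that
something else (DHCP client, network manager) may have written into the file."""
import ipaddress
import sys
from typing import List, Tuple

# Constructed sample contents for the example; the real file is /etc/resolv.conf.
SAMPLE_FIXED = """\
# Managed by hand: local dnscrypt-proxy listener
nameserver 127.0.0.1
options edns0 trust-ad
"""

SAMPLE_HIJACKED = """\
# Generated by NetworkManager
search lan
nameserver 192.168.1.1   ; router handed out by DHCP
nameserver 127.0.0.1
"""


def parse_nameservers(text: str) -> List[str]:
    """Return nameserver addresses in file order.

    glibc treats '#' and ';' as comment markers and ignores keywords it does not
    know, so everything except 'nameserver <addr>' lines is skipped here too."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def check_local_only(text: str) -> Tuple[bool, List[str]]:
    """Return (ok, foreign) where ok is True only when the file names at least one
    nameserver and every one of them is a loopback address (127.0.0.0/8 or ::1).

    A malformed address counts as foreign so a garbled line is never silently
    accepted as 'local'."""
    servers = parse_nameservers(text)
    foreign = []
    for addr in servers:
        # glibc accepts a zone index on IPv6 addresses (e.g. fe80::1%eth0);
        # strip it before parsing, the scope does not change loopback-ness.
        host = addr.split("%", 1)[0]
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            foreign.append(addr)
            continue
        if not ip.is_loopback:
            foreign.append(addr)
    return (bool(servers) and not foreign, foreign)


def check_file(path: str = "/etc/resolv.conf") -> Tuple[bool, List[str]]:
    """Run the check on a file on disk (path is a hypothetical argument here)."""
    with open(path, encoding="utf-8") as fh:
        return check_local_only(fh.read())


if __name__ == "__main__":
    # Usage: python3 resolvcheck.py [/etc/resolv.conf]
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/resolv.conf"
    ok, foreign = check_file(target)
    if ok:
        print(f"{target}: all nameservers are local")
    else:
        print(f"{target}: non-local or missing nameservers: {foreign or 'none listed'}")
    sys.exit(0 if ok else 1)
```

The check is deliberately strict in the other direction as well: a file with no `nameserver` line at all is reported as not OK, because glibc would then fall back to its compiled-in default rather than to the proxy you configured, and you would not notice that the file had been emptied.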