Non classé

I’m setting up WiFi for a new Win 10 laptop and the DNS lookup is abysmally slow, on the order of seconds when it doesn’t time out. However if I manually change the DNS provider to either 1.1.1.1 or 8.8.8.8 everything loads lightning fast. Likewise punching in the IP directly for a website loads it quickly too.

Is this a symptom of any particular problem? Other devices (phones, game consoles) on the same network don’t have this issue at all, just the laptop.

I’ve been looking for the best DNS server for a while now, and so far the best that I’ve found are Google (8.8.8.8, 8.8.4.4) and CloudFlare (1.1.1.1, 1.0.0.1). I was wondering which one is the best between the two? Also, are there any better DNS than those?

Hi everyone.

tl;dr What are the pros and cons of hosting your own DNS server via unbound (for the purposes of privacy)?

*****

I am concerned that there may be misinformation being spread about self-hosting (not for a website) your own DNS sever. Please help me to clear up my own confusion/point me to what I need to learn to begin to understand and discern for myself.

I frequent subreddits such as r/pihole, r/privacytoolsIO, r/privacy, and r/theprivacymachine. Occasionally people recommend self-hosting your own DNS server on your LAN for the purpose of not giving your internet history to recursive DNS servers (think CloudFlare, Google, Quad9, NextDNS, etc.) and minimizing the requests that you’re sending out by having a local cache.

Here is the usual recommended setup: Unbound with DNSSEC and a cache. They recommend not forwarding requests to recursive DNS servers, however, wouldn’t this make my network traffic stand out more than if I had discerningly picked a handful of privacy-respecting recursive DNS servers in my Unbound configuration? Additionally, the only guide I have found that has included properly setting up TLS certificates has been this one: https://www.ctrl.blog/entry/unbound-tls-forwarding.html

I am currently using the following setup: https://docs.pi-hole.net/guides/unbound/

*****

Based on my reading so far I think I should be using:

• QName minimization
• DoT forwarded to a list of privacy respecting recursive DNS servers (both DoT and DoH have been thrown into doubt for me here: https://mailarchive.ietf.org/arch/msg/doh/vHjITrOMhWSdrozGFe4-eGNMEJc )
• DNSSEC
• Cache

****

Please help an ignorant layman learn to understand this for himself, so I can take my own threat model and understand fully what I’m doing here.

I’m migrating away from shared hosting and had a question about configuring my new set-up.

I’ve transferred the domain to Google Domains. I’m using their name servers. And, I’ve moved the DNS records over as well.

And, I’ve transferred the site to a VPS at Upcloud. I have an option to add some DNS entries (A and CNAME–but not TXT) to the server as well.

Do I want to create the same A and CNAME on the Upcloud server that I use at Google Domains? Or do I leave them blank at the Upcloud server since they’re already included at Google Domains?

Any insight or context would be appreciated.

Thanks!

Starting a DNS with over 1 million domains in blocklist powered by pi-hole. The DNS resolver is 1.1.1.1

Server: 35.239.56.28

Enjoy

Hi, IT manager here. We have hundreds of domains on bulk register and enom, at an annual cost right around $5-6k. Some are purchased and used, others simply purchased for potential future use.
Most don’t have a business contact/requester, only my Engineer contact info when they set it up. Clearly not all of them resolve to an active site.

What is the best way to audit our list of DNS to see if they are active? IS there a way to audit the list with confidence of accuracy?

Likely a basic question, I appreciate any help as DNS isn’t my area of knowledge.

I have a Win 2019 Eval running on my home network.

When I take a laptop and try to join it to the domain, it won’t find the domain controller unless I change its DNS server from that of my router to that of the ADS Server.

What I’d LIKE to have happen is that the computer asks the router, the router asks my DNS Registrar, and they point back to the AD Server on the network. It’s using a 192 address, but I have other devices with A names and C names in the registrar that are pointing to those address blocks, so this should work, I just don’t know what the top level entries need to be.

Can anyone help?

Thanks.