nemomarx 3 days ago

What's the good DoH provider nowadays? I feel like cloud flare has some downsides in terms of centralization

grepfru_it 3 days ago | parent | next [-]

For those wanting a bit of privacy, you can run your own DOH server[0]. Be aware that the upstream requests can still be tracked, but additional safety steps can be taken such as hosting your own dns resolver (bind/powerdns), sending dns/doh queries over a vpn or tor connection, or spanning queries over multiple sources. Each has its own security and privacy implications, which is beyond the scope of this comment :)

[0] https://github.com/DNSCrypt/doh-server

mrweasel 3 days ago | parent [-]

Running your own DOH server comes with its own set of risks, depending on your adversary. If you're the only person using a DOH server, then any requests that server makes must belong to you. I'd argue that it's better to use a public server and hide in between the other users.

cortesoft 2 days ago | parent [-]

My main issue with DOH is failing to honor my internal DNS overrides to provide local addresses for services on my local network (externally the DNS entries point to the external address but internally the LAN address). It is so annoying fighting against DOH for this.
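A constructed check for the split-horizon problem described in this comment, added here as an example and not code from the thread: it builds an RFC 8484 GET query, parses a DoH wire-format reply, and flags a name whose LAN resolver answer is an RFC 1918 address but whose DoH answer differs. The endpoint URL and the sample reply are assumed placeholders.

```python
import base64
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_doh_get_url(name, endpoint="https://doh.example.invalid/dns-query"):
    """RFC 8484 GET URL for an A query (endpoint is an assumed placeholder): base64url, no padding."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD set, 1 question
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    wire = header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return f"{endpoint}?dns={base64.urlsafe_b64encode(wire).rstrip(b'=').decode()}"

def _read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels = []
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:  # compression pointer: follow it, consume 2 bytes
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [_read_name(msg, ptr)[0]]), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + ln].decode())
        off += ln

def parse_a_records(msg):
    """IPv4 answers in a DNS wire-format reply (the body of a DoH response)."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, ips = 12, []
    for _ in range(qd):  # skip the question section (name + QTYPE + QCLASS)
        off = _read_name(msg, off)[1] + 4
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(str(ipaddress.IPv4Address(msg[off + 10:off + 14])))
        off += 10 + rdlen
    return ips

def split_horizon_leak(lan_answer, doh_answer):
    """True when the LAN resolver returns an RFC 1918 address but the DoH answer differs."""
    lan_private = any(ipaddress.ip_address(ip) in net for ip in lan_answer for net in RFC1918)
    return lan_private and set(lan_answer) != set(doh_answer)

# Constructed DoH reply: www.example.lan A 203.0.113.10, answer name via pointer to offset 12.
SAMPLE_DOH_REPLY = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                    + b"\x03www\x07example\x03lan\x00" + struct.pack("!HH", 1, 1)
                    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10]))
```

Feeding the same name to the LAN resolver and to the DoH endpoint and comparing with split_horizon_leak tells you whether the client is bypassing the internal override.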

mrweasel 3 days ago | parent | prev | next [-]

Wikimedia runs an experimental DoH server, see: https://meta.wikimedia.org/wiki/Wikimedia_DNS

jsheard 3 days ago | parent | prev | next [-]

Mullvad runs a privacy-oriented DoH service, which is free to use regardless of whether you use their VPN service.

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

traceroute66 3 days ago | parent [-]

Mullvad DoH is great, and things like ad-blocking seem to be more effective on Mullvad.

But, and it's a BIG BUT ....

Mullvad don't have the geo-coverage that Quad9 has. They are predominantly Northern Europe with very limited server coverage outside (6x Northern Europe, 2x USA, 1x Singapore).

Which is fine if you spend most of your time in those three places.

But if you are a road-warrior or you live elsewhere, then Quad9 is the better choice as they have global coverage (200 locations, 90 countries).

Avoid Cloudflare. They log traffic. Sure, for a short time period ($n days), but Quad9 still has the better privacy policy.

Quad9 is also Swiss, not US, so they can't be compelled to do anything under PATRIOT or whatever.

pred_ 2 days ago | parent [-]

> Avoid Cloudflare. They log traffic.

That sounds like a GDPR violation if the logs include PII like IPs and if it's not opt-in. Is that really the case?

traceroute66 2 days ago | parent [-]

> That sounds like a GDPR violation if the logs include PII like IPs and if it's not opt-in. Is that really the case?

Cloudflare retain what they call "limited transaction and debug log data" for 25 hours.

Cloudflare state that IPs are truncated and the truncated IPs are deleted after 25 hours BUT for "randomly sampled network packets" they will retain the full IP for "network troubleshooting purposes".

Even so, as we know, a truncated IP can still be used to track and trace people ...

Compare and contrast to Quad9, who explicitly consider IP addresses as GDPR PII ("Quad9 regards Internet Protocol ("IP") addresses associated with its users to be Personally Identifiable Information ("PII")").

Quad9 states IPs are only ever in RAM "for the few microseconds to milliseconds necessary to service the user's query".

They also state "Quad9 does not collect or record IP addresses, nor does it collect or hold any proxy for or representation of IP addresses, nor does it collect or hold any other unique identifier of individuals in lieu of IP addresses."

Which is why I said Quad9 have a much better privacy policy.

miyuru 3 days ago | parent | prev | next [-]

For Germany/EU there is ffmuc: https://social.ffmuc.net/@freifunkMUC/114087819103432120

Hopefully we will see more regional DOH providers instead of centralized ones.

hocuspocus 3 days ago | parent | prev | next [-]

NextDNS is great

AlgebraFox 2 days ago | parent | prev | next [-]

Quad9 (supports DoH, DoT, DNSCrypt) and Mullvad are both good secure DNS services.

Choose Quad9 if you want better security and Mullvad for its ad-blocking options.

Phelinofist 2 days ago | parent | prev | next [-]

I did set up AdGuard with unbound. The setup supports DoH and DoT. Pretty nice.

qiine 3 days ago | parent | prev [-]

I like quad9