I set up my own resolver about 2 years ago, and it has just worked. Never once had an issue.

prefer this form:

This is something your OS should handle as part of the OS's support for captive portals. I'd recommend contacting your OS's creator about this and filing a bug.
I use Unbound locally as a DoH server. The Alpine Linux Unbound package is compiled with libnghttp2, required for the built-in DoH listener. That's more than enough to enable ECH [1]. I pre-cache all the domains I use hourly via cron. My ISP is not going to dork with my DNS requests and their employees are bigger deviants than I. If I ever started browsing the web from a phone I would just set up my own public DoH server. It only takes a few minutes and gives me my own query logs for debugging weird issues.

[1] https://tls-ech.dev/
There are a bunch of public dnscrypt servers to which your client can randomly fan out encrypted queries.

Unbound has "prefetch" which will refresh near-expired cached records, and various other cache/TTL knobs. "serve-expired" seemed to work well too.

I was thinking that if you preload your 50k list and override the min-ttl, the prefetch would let you relax the cron schedule a little.

> I pre-cache all the domains I use hourly via cron.

How does this look? Shell script querying a list of hostnames? What qualifies as a domain you use?
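One way the hourly pre-cache job and the "which domains" question above could be answered together, as an added example that is not the poster's script: the "domains I use" list is derived from Unbound's own query log (so it is exactly what the machine has asked for), normalised, and then re-queried against the local resolver. Assumptions not stated in the thread: Unbound listens on 127.0.0.1, `dig` from BIND tools is installed, `log-queries: yes` is set so the log carries `info: <client> <qname> <qtype> IN` lines, and the sample log below is constructed for the demo.

```sh
#!/bin/sh
# warm-unbound-cache.sh (added example, not from the thread)
# Build a "domains I actually use" list from Unbound's query log and re-query
# them against the local resolver so the cache stays hot between cron runs.
# Assumptions: Unbound on 127.0.0.1:53, dig installed, log-queries enabled so
# lines look like: [1700000000] unbound[811:0] info: 127.0.0.1 www.example.com. A IN
set -u

RESOLVER="${RESOLVER:-127.0.0.1}"
LIST="${LIST:-$HOME/.cache/dns-warm-list.txt}"

# Constructed sample of Unbound log-queries output (not real log data).
SAMPLE_LOG='[1700000000] unbound[811:0] info: start of service (unbound 1.19.0).
[1700000001] unbound[811:0] info: 127.0.0.1 www.Example.COM. A IN
[1700000002] unbound[811:0] info: 127.0.0.1 www.example.com. AAAA IN
[1700000003] unbound[811:0] info: 127.0.0.1 1.0.0.127.in-addr.arpa. PTR IN
[1700000004] unbound[811:0] info: 127.0.0.1 cdn.example.net. A IN'

# qnames_from_log: print the queried name from "info: <client> <qname> <qtype> IN"
# lines on stdin; service/status lines with a different shape are ignored.
qnames_from_log() {
  awk '/ info: / {
    for (i = 1; i <= NF; i++)
      if ($i == "info:" && (i + 4) <= NF && $(i + 4) == "IN") print $(i + 2)
  }'
}

# normalise_hosts: lowercase, drop comments/blank lines/trailing dots, keep only
# plausible hostnames, skip reverse-lookup names (warming those buys nothing), dedupe.
normalise_hosts() {
  sed -e 's/#.*//' -e 's/[[:space:]]//g' -e 's/\.$//' \
    | tr '[:upper:]' '[:lower:]' \
    | grep -E '^([a-z0-9_-]+\.)+[a-z0-9-]+$' \
    | grep -v -E '\.(in-addr|ip6)\.arpa$' \
    | sort -u
}

# warm_one: query A and AAAA so both land in cache; the short timeout keeps a
# wedged upstream from stalling the whole cron run.
warm_one() {
  h="$1"
  for t in A AAAA; do
    dig +short +tries=1 +time=2 "@$RESOLVER" "$h" "$t" >/dev/null 2>&1 \
      || printf 'warn: %s %s lookup failed\n' "$h" "$t" >&2
  done
}

# warm_all: one hostname per stdin line; prints how many were queried.
warm_all() {
  n=0
  while read -r h; do
    warm_one "$h"
    n=$((n + 1))
  done
  echo "$n"
}

# unbound_cache_conf: server: options that pair with this job (names as in unbound.conf(5)).
unbound_cache_conf() {
  cat <<'EOF'
server:
    log-queries: yes          # produces the lines qnames_from_log reads
    prefetch: yes             # refresh records that are about to expire on their own
    serve-expired: yes        # answer from stale data while the refresh is in flight
    serve-expired-ttl: 86400  # ...but not forever
    cache-min-ttl: 3600       # nothing is evicted in under an hour, so cron can run less often
EOF
}

case "${1:-}" in
  build) qnames_from_log < "$2" | normalise_hosts > "$LIST" ;;   # build /var/log/unbound.log
  warm)  warm_all < "$LIST" ;;                                   # run this from cron
  conf)  unbound_cache_conf ;;
  demo)  printf '%s\n' "$SAMPLE_LOG" | qnames_from_log | normalise_hosts ;;
esac
```

A crontab line such as `7 * * * * /usr/local/bin/warm-unbound-cache.sh warm` gives the hourly refresh; rebuilding the list from the log occasionally (`build`) keeps it to names that were actually asked for rather than a static 50k list.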
quad9 seems fine. Glad there are a bunch of alternatives though. We should never stop practicing decentralization in the net.

I believe cloudflare only blocked archive.is on their "Families" filtered DNS. I've been using their normal 1.1.1.1 and haven't encountered any blocks.

I always just set up root recursors at my home and other locations. I've never noticed any downside.

Same. I've been running my own caching DNS servers since my earliest home network, dating back almost 30 years.

I've never felt this. Most large services run or delegate to anycast DNS services. If you have knowledge of TCP, you know you will occasionally get stalls much greater than that beyond control.

Versus letting a singular entity snoop everything? If you actually open a connection to the result what is the difference? The only way to fully deal with all that is an overlay or mixnets.

Shame there is no client subnet filter. I've had issues in the past with various websites when using resolvers that don't add that hint.

Google's AI Mode was pretty effective at solving it. I'm impressed. I just copied and pasted the two lines.

Because it is very useful on mobile. Apps typically use an advertising SDK for their monetisation, which means we can BLOCK THEM ALLLLLLL

Unfortunately many DNS resolvers are integrated with CDNs. I do want the privacy of an independent non-tracking DNS but I also want my video streaming to work fast. :(

What does it mean for a DNS resolver to be "integrated with CDNs"? And why does that affect streaming speed negatively?
Some CDNs (like Cloudflare) use solely BGP anycast steering for routing to the "nearest" server. Other CDNs (like Akamai, Fastly, Netflix, and YouTube) use a hybrid BGP-DNS steering because some ISPs have extremely questionable routing practices.

Unfortunately, if the CDN only relies on BGP steering (or conversely if you are a user who is stuck on an ISP monopoly), there are cases where this is not necessarily the nearest network-wise (or performant network-wise) if there are peering disputes. If the said ISP is a virtual monopoly or (worse) state-sanctioned to collect network "toll fees" (like in South Korea), non-preferred and international routes are (intentionally) congested.*

If you use a third-party DNS, you basically lose this DNS optimization, and ECS does not fully solve this (because sometimes the DNS overrides are placed only on the ISP's recursive DNS servers). You're basically in a lose-lose position: either use third-party servers and the IP addresses served to you on popular CDNs are in the congested path, or use the often-unreliable and heavily-logged ISP-provided DNS.

* Usually. There are exceptions, but this comment is just a simplification of the complexities of real-life networking (where RFCs and mutual cooperation die out without fanfare).

Edit for further reading:
- DNS is the new BGP, by Geoff Huston of APNIC (https://ispcol.potaroo.net/2023-09/service-routing.html)
- How LinkedIn used PoPs and RUM to make dynamic content download 25% faster, from the old LinkedIn engineering team (archived at https://web.archive.org/web/20160310065302/https://engineeri...)
- Wikimedia's mapping of their CDNs (https://gerrit.wikimedia.org/r/plugins/gitiles/operations/dn...)
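A way to test the lose-lose claim above on your own connection, as an added example and not part of the comment: for a CDN-hosted name, compare the A records returned by the ISP's resolver, by a third-party resolver, and by the third-party resolver with an EDNS Client Subnet hint. If the ECS answer matches the ISP answer, the steering is keyed on client subnet and the hint recovers it; if neither third-party answer matches, the override lives only on the ISP's recursor and ECS cannot help. Assumptions not in the thread: `dig` is installed, `ISP_DNS`/`ALT_DNS`/`SUBNET` are set by the caller (the defaults below are documentation placeholders), and the addresses used in the verdict examples are constructed.

```sh
#!/bin/sh
# cdn-steering-check.sh (added example, not from the thread)
# Compare CDN answers from the ISP resolver, a third-party resolver, and the
# third-party resolver with an ECS hint, then say which of the three cases
# you are in. Assumptions: dig installed; ISP_DNS/ALT_DNS/SUBNET set by caller.
set -u

ISP_DNS="${ISP_DNS:-192.0.2.53}"   # placeholder: your ISP's recursive resolver
ALT_DNS="${ALT_DNS:-9.9.9.9}"      # third-party resolver under test
SUBNET="${SUBNET:-}"               # e.g. 203.0.113.0/24; a /24 you are willing to reveal

# a_records: sorted unique IPv4 answers for name $2 from resolver $1,
# with an optional EDNS Client Subnet hint $3 (dig's +subnet option).
a_records() {
  { if [ -n "${3:-}" ]; then
      dig +short +tries=1 +time=3 "+subnet=$3" "@$1" "$2" A
    else
      dig +short +tries=1 +time=3 "@$1" "$2" A
    fi; } 2>/dev/null | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# overlap: exit 0 if two newline-separated address lists share at least one entry.
overlap() {
  printf '%s\n' "$1" | awk -v b="$2" '
    BEGIN { n = split(b, arr, "\n"); for (i = 1; i <= n; i++) if (arr[i] != "") seen[arr[i]] = 1 }
    NF && ($1 in seen) { found = 1; exit }
    END { exit !found }'
}

# classify: verdict from the three answer sets
#   isp = ISP resolver, alt = third-party resolver, ecs = third-party with ECS hint
classify() {
  isp="$1"; alt="$2"; ecs="$3"
  if overlap "$isp" "$alt"; then
    echo "same-pool"          # third-party resolver lands on the same CDN nodes; nothing lost
  elif overlap "$isp" "$ecs"; then
    echo "ecs-recovers"       # steering keyed on client subnet; the ECS hint restores the ISP-local answer
  else
    echo "isp-only-override"  # override exists only on the ISP recursor (or no overlap at all); ECS cannot reach it
  fi
}

# check NAME: run the three lookups and print the verdict with the raw sets
check() {
  name="$1"
  isp="$(a_records "$ISP_DNS" "$name")"
  alt="$(a_records "$ALT_DNS" "$name")"
  ecs="$(a_records "$ALT_DNS" "$name" "$SUBNET")"
  # unquoted expansions below intentionally collapse the lists onto one line each
  printf '%s: %s\n  isp=%s\n  alt=%s\n  alt+ecs=%s\n' "$name" "$(classify "$isp" "$alt" "$ecs")" \
    "$(echo $isp)" "$(echo $alt)" "$(echo $ecs)"
}

if [ $# -gt 0 ]; then
  check "$1"
fi
```

Run it as `ISP_DNS=<isp resolver> SUBNET=<your /24> ./cdn-steering-check.sh <cdn hostname>`; a `same-pool` result on the names you care about means the third-party resolver costs nothing on that path, while `isp-only-override` is the case the comment describes where neither ECS nor a better resolver gets you out of the congested route.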