Open funilrys opened 3 years ago
@funilrys Nice to hear this! Can you please add some documentation regarding the upstream server, filters used, logging, etc?
Also, I hope that you will also set up DNSCrypt and DNS-over-HTTPS on the same servers.
Hey @DRSDavidSoft I had DoH on my DNS servers, but since FF DOES NOT respect the use-application-dns.net for disabling DoH support on clients, I have disabled it, for not becoming part of Network hacking....
You can read a more in-depth comment on this at https://mypdns.org/my-privacy-dns/issues/-/issues/607. There are also a bunch of links to, among others, FireBug etc.
With this, however good the intention originally was supposed to be, it can actually rather soon become the pure evil :unamused: and my personal advice is: don't put it up unless you can and will provide a user account for using the DoH service.
Update note: fixing some grammar for readability.
@spirillen Good point. Since you brought this issue up, I'd like to also mention some of my opinions regarding this matter as well.
In any case, I'd still like to use an encrypted upstream DNS resolver, whenever possible.
Hey @DRSDavidSoft A couple of replies on that long thread. (Why didn't you add it to T607 now you signed up anyway :smiley: That site is protected against all kinds of tracking :+1: )
It would also help this thread from becoming de-routed as now.
> I expect to get the IP address of Google servers, not the private-range address 10.10.34.35
This can actually be because you are routed to a proxy; here it's evil from a privacy point of view, but again.. all google is one big privacy issue, and here a proxy can actually help obfuscating who is doing what on yt. So this is a 50/50 chance for the better.
> Cloudflare's 1.1.1.1 DoH resolver is fine, and I trust it more than Google. Of course, Quad9's 9.9.9.9 is also a good choice.
Cloudflare = all activity tracking
Quad9 = Despite it's financed by the British government and the politicians of NY, they DO NOT TRACK your activities and they also offer some protection by using various filters from e.g. Bamber Consult, Z-CERN etc.
> With that being said, not many people are well-versed in running a technical setup like this, or they simply just do not care.
Try to ask @DaniV5 if this was difficult, even though he never tried anything like this before!!! He was up and running in a few hours, with help from this starter script: https://mypdns.org/rpz/dns-rpz-integration/-/tree/master/PowerDNS-Recursor
> I believe Mozilla and Google's efforts to implement a built-in encrypted resolver are in the right place, in order to prevent unwanted DNS hijacking and governmental censorship, for those type of people.
If bastards like google would/is doing this, trust me it isn't for your sake, it is purely for their own, for getting even more data about you for brainwashing you.
> I believe Google's approach is more
Could you post more about this in the T607, as I have completely blocked google here. That includes the spyware chromium.
> De-Googled version of Chromium (such as Bromite), or I use Google Chrome
You should try to watch your log when you launch any chrome variation :unamused: You will purge them right away :smile: It's g license that says, in short, you can do as you like as long we get the tracking data.
> I'd still like to use an encrypted upstream DNS resolver, whenever possible.
An SSL certificate based on IP addresses is first and foremost extremely expensive and you can only obtain it through a limited number of providers. Next you need to be assigned the IP by RIPE, with all organization data etc. You shall then have those IP addresses set up by a hosting company, then find some papers with the RIPE letterhead to forward to the SSL application etc etc.... it's a jungle and it costs the bucks of a big country's BNP.
Setting it up takes what 5 to 10 minutes :hourglass_flowing_sand:
To not lose any of the control of contents being blacklisted and whitelisted and have others deciding this for you, there is only one solution..... Install your own resolver, PowerDNS's recursor or ISC Bind9, on your own machine (My personal flavor is by far the PowerDNS recursor) and then use the RPZ and maintain your own whitelist; it should always rely on a personal choice, rather than others. And by a local resolver using RPZ you have the keys, nobody else.
Nice to see more people trying to do something good and setting up other open DNS servers :+1:
@spirillen If it's alright with you, I don't mind posting to mypdns.org -- although maybe on a new document, since my reply is already getting kind of off-topic.
I'd like to apologize for the long reply beforehand, but since the topic is already posted here, I'll just reply here.
@DRSDavidSoft
> If it's alright with you, I don't mind posting to mypdns.org -- although maybe on a new document, since my reply is already getting kind of off-topic.
I think that would be a good idea, as I see yet more de-routed comments to your last reply.
Anyway a single note to your
> However, as a web developer and a user
What script language do you write in? You might be a VW people!!!
@spirillen For web development, I write in ES8+ Javascript. I primarily use a Node.js stack for the back-end too, although I'm also well versed in PHP/7. What does VW stand for?
> @spirillen For web development, I write in ES8+ Javascript. I primarily use a Node.js stack for the back-end too, although I'm also well versed in PHP/7. What does VW stand for?
VW Is VolksWagen :yum: (That's a German car factory cheating with their test software :rofl: )
VW = VeryWanted :+1: I'll hit you up on mypdns about the php =>
Just re-visiting this topic, when i start thinking...
allover.co.za
What is the TOS and Privacy, what is being logged/sold?? and for how long are logs stored?
There is not much info to find on what is going on behind the scenes?
Hmmm the whois-record looks exactly like the domains I put on the blacklist all the time. I'll add this one with unknown tld also right now, then we are safe! 🤣
Shit! Is it the Mossad? The CIA? Funilrys' dog?
Side note: @funilrys @Somebodyisnobody
But fun aside, information is lacking on the above questions!!
@Somebodyisnobody I'm sure it was @mitchellkrogza's dog
But I fixed it so that it redirects here (correctly)
To answer your questions, there is no logging behind the safedns and safedns2 DNS servers. I'll document those things in the README later.
About the missing WHOIS information, it's pretty common in Germany to have no personal information in the WHOIS record. My family for example has domains for more than 10 years now, and there is no information about us in there.
Keep in mind that the equivalent of the "GDPR" existed and evolved in Germany since 1977 as the "Bundesdatenschutzgesetz (BDSG)".
But I still have to document myself about the law in South Africa. @mitchellkrogza may clarify that for you. But it's really not surprising for me to have some information retracted in there.
> About the missing WHOIS information, it's pretty common in Germany to have no personal information in the WHOIS record. My family for example has domains for more than 10 years now, and there is no information about us in there.
It depends on the country of the registrar. For example for .de TLDs you go to the German DENIC. They do redact but you can query this information with reason on https://www.denic.de/webwhois/. The whois record above looked like https://www.instra.com/en/whois/whois-result/burton_email. So for me personally better write nothing in the whois-record than this "REDACTED" thing... I talked multiple times with abuse@namesilo.com. They really care about abusing their domains.
Yes indeed, you can ask for details but only if you have the right for it.
It's really up to the registrars anyway… That shouldn't change one thing: we - as a natural person - should have the right to refuse that our personal data ends in there.
Hello, about Firefox DoH (DNS over HTTPS):
"I also do NOT appreciate Firefox defaulting to another DNS server -- whether encrypted or not -- when I have explicitly implied that I intend to resolve the DNS through localhost"
It seems Firefox in a recent update has changed the mechanism of DNS over HTTPS and it can be set to strict and can't be overridden and there is even a whitelist for DNS....
So we hope there will be DoH (DNS over HTTPS) DNS servers for our beloved Ultimate Hosts Blacklist! Thank you for these awesome lists and DNS!
We are now reachable through the 5353 port.
Great! 💯 🔥
Hello, World! Hello, @Ultimate-Hosts-Blacklist/contributors! Hello, @Ultimate-Hosts-Blacklist/blacklister! Hello, @Ultimate-Hosts-Blacklist/whitelister!
I hope that everything goes well for you and your beloved one.
It's been a long time (cf. #293) since we had this idea of providing a DNS server and today I think that we are that far. It took us (@mitchellkrogza and I) some time (in our free time) to imagine, develop, stabilize and even get the resources for this. But, here we are :smile:
I'm glad to announce our Public DNS Server:
88.198.70.38
88.198.70.39
2a01:4f8:140:5021::38
2a01:4f8:140:5021::39
Give it a try and let us know if something is disturbing you or if you have questions!
Have a nice day/night. Stay safe and healthy. Nissar