🗄️ DNS provider suggestion | Lelux.fi

privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.

https://www.privacyguides.org

Creative Commons Zero v1.0 Universal

3.12k stars 385 forks source link

🗄️ DNS provider suggestion | Lelux.fi #1208

Open Mikaela opened 5 years ago

Mikaela commented 5 years ago

Basic Information

Name: Lelux Filtering: No Privacy policy: https://lelux.fi/privacy/ Protocols: DoT (853) Server/Location: Luxembourg Source: - Type: hobby project? Website: https://lelux.fi/resolver/

Description

Recommended by #1206 as a backup so if we list it, I guess we should also list this or it will get recommended by someone sooner or later.

Required features:

[x] supports DoH or DoT
[x] supports DNSSEC
[x] doesn't log IP addresses during normal operation
- I think this is the case judging by "Haproxy TCP/HTTP logs are disabled. No IP addresses are collected." but I am not sure on query log verbosity 1, so leaving unchecked and research required

Desired features

[x] supports QNAME minimization

ProgressiveArchitect commented 5 years ago

It seems silly to add another DNS server to an already packed list, especially when it doesn't support all the features that would make it fully privacy focused.

Mikaela commented 5 years ago

I haven't been in contact with the admin (yet) nor tested support for the features it doesn't advertise. Or are you able to confirm that it's indeed missing features we require?

Amolith commented 5 years ago

Unbound verbosity level 1 simply provides the admin with some high-level operational information. I've documented that in my privacy policy under DNS services though you can also run man unbound.conf and search for verbosity to read it yourself.

His setup is the same as mine too; on Debian, DNSSEC validation and QNAME minimisation are both enabled by default.

EDIT

The wording on both of our policies was inaccurate; previously, they said "Unbound query logs are enabled" and now they say "Unbound debug logs are enabled". Verbosity is set to 1 by default and neither of us modified that.

Mikaela commented 5 years ago

@Amolith do you have contact to Lelux.fi? Their SSL certificate has expired ~24 hours ago and I was pinged about this in our Matrix room.

Amolith commented 5 years ago

@Mikaela I do and I just sent him a message about it.

Amolith commented 5 years ago

@Mikaela He renewed the certificate a few hours ago.

freddy-m commented 3 years ago

@privacytools/editorial I'm in favour of adding this.