ragibkl / adblock-dns-server

Adblock DNS Server powered by Bancuh DNS and dnsdist-acme
https://bancuh.com/
MIT License

remove forwarders and resolve from root dns servers directly #92

Closed ragibkl closed 3 years ago

ragibkl commented 3 years ago

At the moment, our adblock DNS keeps a list of domains for blocking. However, regular DNS resolution is delegated to some common public DNS servers owned by Google and Microsoft.

In order to protect users' privacy, we should probably perform the name resolution ourselves against root nameservers. That way we don't leak users' queries to private corporations.

ragibkl commented 3 years ago

PR #105 created and merged. Let's try this for a few days.

ragibkl commented 3 years ago

I tested for DNS leaks at https://www.dnsleaktest.com

Query round    Progress      Servers found
1              ......        2

IP                | Hostname  | ISP          | Country
128.199.132.254   | None      | DigitalOcean | Singapore, Singapore
128.199.186.6     | None      | DigitalOcean | Singapore, Singapore

These are my own DNS servers, so I think root resolution is working as expected. We are not leaking DNS queries to an outside party.
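
The check described in the comment above can be automated. This is an added example, not code from the project or from the commenter: it parses a leak-test result table and flags any resolver outside the operator's own set. The function names, the allowlist and the extra leak row are assumptions made for illustration.

```python
import ipaddress

# Result table as posted in the comment above.
PAGE_REPORT = """\
IP                | Hostname  | ISP          | Country
128.199.132.254   | None      | DigitalOcean | Singapore, Singapore
128.199.186.6     | None      | DigitalOcean | Singapore, Singapore
"""

# Constructed row (RFC 5737 documentation address) standing in for a
# third-party forwarder that a leak test would reveal.
CONSTRUCTED_LEAK_ROW = "203.0.113.53      | None      | ExampleISP   | Nowhere\n"

# Assumption: the operator's resolvers are exactly the two addresses above.
OWN_RESOLVERS = ["128.199.132.254/32", "128.199.186.6/32"]


def parse_report(text):
    """Return [(ip, isp)] for each data row of a pipe-separated table."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 3:
            continue
        try:
            ip = ipaddress.ip_address(cells[0])
        except ValueError:
            continue  # header line or malformed row
        rows.append((ip, cells[2]))
    return rows


def find_leaks(text, own_networks):
    """List resolvers seen by the test that are outside own_networks."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    rows = parse_report(text)
    if not rows:
        # An empty result means the test did not run, not that nothing leaks.
        raise ValueError("no resolver rows found in report")
    return [(str(ip), isp) for ip, isp in rows
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    print(find_leaks(PAGE_REPORT, OWN_RESOLVERS))
    print(find_leaks(PAGE_REPORT + CONSTRUCTED_LEAK_ROW, OWN_RESOLVERS))
```

An empty list means every resolver the test observed is one of the operator's own servers, which is the outcome reported in the comment.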

ragibkl commented 3 years ago

PR #106 for cleanup of the forwarders scripts.

I'll merge this for now. However, if we need to restore the forwarders function, I'll just revert this PR and re-add the forwarders.