Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>7. I use my own local dns resolver.

Does that provide a usable amount of privacy? It doesn't seem like it would given your local BIND instance would have to talk to DNS servers on the Internet -- over plaintext -- and so would reveal your lookups anyway. I never bothered with a local DNS stack because I felt it wasn't worth the effort. Can someone say if I've missed something?

Caching / performance seems like the only real benefit to me.

------------

EDIT: >4. I made myself a rss client similar to rss2mail

By the way, is this open source? I wonder if you could document some of your setup along with guides / links to software you use in case others are wanting to adopt some of your techniques?

I really am a bit impressed and would like to try some of these!



The privacy benefit is there's no centralized logs. If you're using your ISP's / CF's / Google's resolvers[1], there's a single place the bad guys have to log to get all of your DNS requests. Locally, your resolver talks to each authoritative server in the chain independently.. to find out who you're talking to, it's not a matter of just requesting logs anymore, they'd have to actively tap your connection and sniff traffic on DNS ports.

[1]Someone will start shouting about how 8.8.8.8/1.1.1.1 doesn't store logs. Yes they do[2][3]. They store full logs for "24 to 48 hours", so the bad guys can happily request your DNS logs (without a warrant now), as long as they request them once a day for the previous day.

[2]https://developers.google.com/speed/public-dns/privacy

[3]https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: