Run your own unbound or bind resolvers!
I’m glad it’s only the football streaming sites, but I don’t much like that companies get this kind of legal power.
Is it possible to get unbound to talk to the root servers via TLS/HTTPS by now?
I’m currently using Quad9 because they support DNS over TLS and DNS over HTTPS.
Yes its possible 👍
Use:
forward-zone:
forward-addr: 9.9.9.9@853#dns.quad9.net
That is what I’m doing currently but now unbound doesn’t talk to the root servers anymore, it sends all queries to Quad9.
Both scenarios are not ideal because you always end up with one entity knowing all your queries.
Perhaps you could configure more than unbound service behind a loadbalancer. Each unbound instance is configured to use different upstream dns servers.
Double check if unbound doesn’t allow you to randomly hop between dns upstreams first, but the above solution should work if that’s unavailable atm.
Not sure you would even need encryption. Surely It can’t be illegal to ask the root servers (and all the other DNS servers involved, because the root servers only have IPs for TLD DNS servers) for IPs
Not illegal but it leaves all your DNS lookups in plain text with your ISP, which just doesn’t sit right with me.
Not that the ISP in my country would care.
I just want to point out the Technitium project as an alternative to unbound and bind resolver as well.
Regardless, it’s really easy to setup your own DNS resolver that resolves to DNS roots.
Apparently Cisco operates a popular DNS resolver? Never heard of that before.
And definitely don’t learn how to use a VPN. Or set up Unbound or Bind or PowerDNS Recursive…
Ah crap, good to know. This sucks though, I was thinking of using it to replace CF. What’s left? Quad9 and the unbound type?
Cisco operates from the ISP side, they’ll poison DNS through their routers. And you should be aware that your ISP will employ Deep Packet Inspection which can also be done with Cisco routers. That means they can intercept internet traffic, especially if your internet connection is not encrypted.
