cross-posted from: https://lemmy.ml/post/26984767
The European public DNS that makes your Internet safer.
A free, sovereign and GDPR-compliant recursive DNS resolver with a strong focus on security to protect the citizens and organizations of the European Union.
Mullvad is another option with content blockers: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
Quad9 is another European DNS service. It’s Swiss-based.
Enter 193.110.81.0 as Preferred DNS.
Enter 185.253.5.0 as Alternate DNS.
Not quite as friendly as 8.8.8.8, 8.8.4.4, 1.1.1.1, 9.9.9.9 and so on
I’m not understanding your comment. Smaller numbers are friendlier?
Your examples of Google and Cloudflare are not European, nor privacy friendly, which seems to be the point of this post.
Quad9 is though.
No, but “four 8s” is easier to remember.
If they had a memorable IP, I’d use them in a heartbeat.
I’ll put them on my network DNS resolver, but I’m probably still gonna use 8s. Especially since that’s the resolver that LetsEncrypt uses exclusively.
“correct horse battery staple”
They’re easy to remember, borderline unforgettable.
Question.
From what I understand, the DNS is a node from which your PC accesses the internet, right? And your internet provider has a default one that it had access to.
How do you know what DNS is ok, and what should you look for in a secure DNS?
The most important thing is to not go for options like Google (8.8.8.8) or Cloudflare (1.1.1.1), which a lot of techies default to.
Using your ISP’s DNS is actually relatively okay, because they are quite well regulated by the GDPR and ePrivacy Directive (e.g. they cannot sell your traffic data or use it for advertising without proper freely-given consent) and you’re already paying them so they don’t need to sell your data to turn a profit. In most cases this configuration is good enough.
The remaining issues could be mass surveillance (some EU member states force ISPs to keep traffic logs for fighting crime). Switching to a third party NS recursor could work, but you would then have to trust them.
Or perhaps you want DNS over TLS or HTTPS, which not all ISPs offer. Without that, DNS is unencrypted so a wiretapper between you and your ISP could monitor what websites you visit. But such an attack isn’t very likely to happen.
Lastly, some internet censorship is done by forcing ISPs to block domains at the DNS level. Using a different DNS recursor gets around that, as long as there are no more sophisticated blocks in place.
and you’re already paying them so they don’t need to sell your data to turn a profit
Double the profit baby. STONKS!!!
Just joking, hopefully.
The remaining issues could be mass surveillance
Might there be a problem like this with this DNS from the EU?
Edit: And thanks for your reply, really helpful
The remaining issues could be mass surveillance
Might there be a problem like this with this DNS from the EU?
Unfortunately yes. Some member states have laws requiring ISPs (and presumably also DNS recursors) to log all traffic data, although this was partially restricted by the EU’s top court. It’s difficult to say what exactly is shared with law enforcement and this may well change in the near future.
One other thing that the DNS service affects is how quickly webpages load, especially nowadays when every webpage is full of advertisements. For example, if you try to load a webpage that consists of files on 10 different servers, your computer needs to send 10 DNS queries. If these queries happen sequentially (one query has to resolve before the next is sent), and if each query takes 1 second, it would take at least 10 seconds for that page to load. If those queries instead resolve in 0.1 second each, that same page would load in about 1 second. GRC Domain Name Speed Benchmark is a popular benchmarking tool for testing how fast your DNS service is.
I guess that is not a problem if I use uBlock, right?
It certainly helps a lot, but webpages often have content from more than one domain. And some ISP-provided DNS servers can be slow. Using an ad blocker probably helps more than changing your DNS, but you might still want to make sure your DNS is speedy enough.
A DNS is a Domain Name Server.
It is what translates lemm.ee into an IP address.
Perhaps you are thinking of VPN, or virtual private network?
No, I just don’t understand how a DNS can be secure or not secure
You can get a lot of metadata from DNS lookups.
Traditional DNS is just simple UDP. There is no authentication of authority.
There are actually DNS attacks where - if you are intercepting the traffic - you can reply faster than the actual DNS. At which point the client will trust whatever you return as it arrived first.
Indeed, that’s how multiple DNS addresses work. Your computer will yeet a request to all configured DNS. First response gets used.
Also, as it’s unencrypted, anyone that can snoop the traffic can see what domain names you are requesting.
There are a few standards that are working to solve this including DoH (DNS over HTTPS) and DoT (DNS over TLS).
DNS gives your PC all the info on how to contact Domain Names like reddit.com or phtn.app. Your PC does that a lot and all the time. This connection is normally not verified or checked or encrypted. If you didn’t touch your DNS configuration you probably use your provider’s DNS server. So they know which services you use, which OS, where and when you go to which pages, and because there is no encryption anyone else may know or even change that, too. Instead of sending you directly to reddit.com a malicious entity might want to send you to another server first to do bad stuff. This is what makes it not secure.
You can see a DNS server as a phone book for your computer. Your computer needs to seek a connection to an IP address to display a website, for example. But you as a user only know the URL of the website. So your computer asks the DNS server which IP address it should go to.
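An added illustration, not written by anyone in the thread, of the point made above that traditional DNS over UDP carries no authentication: a plain-UDP client can only check the 16-bit transaction ID, the response flag and the echoed question (the OS also checks source address and port, none of which is cryptographic). The packets, the name `example.org` and the documentation-range addresses are constructed samples, and the helper names are hypothetical.

```python
import struct

def encode_name(name):
    # DNS wire format: length-prefixed labels, terminated by a zero byte
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(txid, name):
    # Header: ID, flags (RD=1), QDCOUNT=1, other counts 0; question is type A, class IN
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def build_response(txid, name, ipv4, ttl=300):
    # Constructed answer: QR=1, one A record whose name is a pointer to offset 12
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    return header + question + struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata

def accepts(query, response):
    """Everything a plain-UDP client can verify inside the message itself."""
    if len(response) < 12:
        return False
    q_id, = struct.unpack("!H", query[:2])
    r_id, r_flags, r_qd = struct.unpack("!HHH", response[:6])
    if r_id != q_id or not (r_flags & 0x8000) or r_qd != 1:
        return False
    question = query[12:]
    return response[12:12 + len(question)].lower() == question.lower()

def a_record(query, response):
    # Skip header, echoed question and the 12-byte fixed part of the answer record
    start = 12 + len(query[12:]) + 12
    return ".".join(str(b) for b in response[start:start + 4])

# Constructed sample traffic
query = build_query(0x1A2B, "example.org")
from_resolver = build_response(0x1A2B, "example.org", "192.0.2.10")
from_elsewhere = build_response(0x1A2B, "example.org", "198.51.100.7")
stale = build_response(0x9999, "example.org", "192.0.2.10")

for label, pkt in [("resolver", from_resolver), ("elsewhere", from_elsewhere), ("stale", stale)]:
    print(label, accepts(query, pkt), a_record(query, pkt))
```

Both well-formed answers pass the same checks even though they carry different addresses, because nothing in the message is signed; DoT and DoH close this gap on the client-to-resolver hop by authenticating the resolver with TLS.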