36
Linux
5y

I should build a free DNS service..

Comments
  • 5
    For what? Just out of curiosity tbh, I like that temp email service you have :D
  • 1
    Twisted is an easy start if you want to build a custom DNS server :)
  • 2
    Why should you?
  • 0
    Free DNS? Use Cloudflare
  • 3
    @Sumafu I think the goal of having his own DNS is specifically to prevent another entity from seeing everything that he's doing.
  • 6
    @Sumafu

    yeah the big MITM, great idea for privacy
  • 4
    @gitpush

    Just for people to use, instead of cloudflare or other services.
  • 1
    @Linux Generous of you ^_^
  • 0
    Google or OpenDNS doesn't cut it?
  • 5
    But how would your server be any different from all the other providers? Would you just be acting as an intermediary between the users and the main providers? Or would it be a recursive DNS server? And what about latency?

    I tried getting my friends to use my pihole server as a DNS for the privacy and latency benefits, but for some reason they're afraid that *I* would spy on them, even though I could not care less (ironic, isn't it?).
  • 6
    @endor That kinda makes sense. For Google or Cloudflare, they're just a single datapoint among millions of others. For you, they're an actual person and you have direct access to their lives.
  • 1
    @gronostaj hmm you're right, I guess I didn't consider that aspect of it
  • 1
    @coder-pikachu

    those are just resolvers.
  • 6
    @endor

    I was thinking about an environment for individuals and organizations to host their DNS instead of going to a paid service or cloudflare or something similar.

    More like afraid.org
  • 4
    Added benefit with PDNS-Admin would be the ability for users to put in their own domains for personal use instead of hosts files. Can't wait to see it!
  • 2
    @Condor

    Yeah if I can't stop killing it xD
  • 1
    Authoritative? Also, use NSedit instead of PowerAdmin.
  • 2
    @Jilano your ISP still logs everything
  • 2
    @toriyuno depends on which DNS server your local one is using, most likely Cloudflare or Google or such in those cases (Cloudflare here). Not really running my own DNS to avoid snooping though, there's no way around the fact that my server will have to ask *someone* where this or that domain is at the end of the day. The ability to make my own zones is the main driving force for me, far more entertaining than anonymity :)

    That said, I am generally wary about my ISP, not because they're snooping or anything, I don't think they do, but because I find them too incompetent to deal with my data. So I route most (and ideally all, but that's not always the case) traffic through my personal VPN servers.
  • 4
    @Condor everything goes through your ISP regardless of what DNS server you're using. They are the middle man between you and the "internet".
  • 3
    @toriyuno

    But they don't know what you are doing if you are using a VPN. The only thing they would know is that you are using a VPN.
  • 1
    @Linux oooh, I forgot about that.

    What’s the benefit of a VPN over port forwarding with a socks5 proxy?
  • 2
    @toriyuno

    depends entirely on what the socks5 proxy is.

    SSH-tunnel? Tor? and so on. Or just a service that sends everything over plain text anyway
  • 1
    @Linux ssh port forwarding. what does a vpn over that?
  • 2
    @toriyuno

    depends on what VPN service you use. + that most systems do not route things automatically over a socks5 tunnel - you have to manually tell your applications to use it.
  • 3
    @Linux if I were to use iptables to route all traffic from an application to a socks5 socket, would there be any difference from a VPN?

    Since there’s so much marketing around “VPNs” and it’s a common term now, I don’t quite grasp what it does, and what the limitations are.
  • 2
    @toriyuno I've used SSH dynamic port forwarding in the past (before I got a hold of some of my own internet-facing servers), it works but it's quite limited. A VPN is superior in the sense that it gives you a whole network and all its functionality as well as being sure that all applications will be using it, without having to muck around with proxychains and such. But in terms of privacy and connection encryption, they're functionally the same.

    (Edit: to be clear I'm talking about setting up your own VPN server rather than commercial solutions where the marketing wank is indeed very strong)
  • 2
    Well, it is technically working now

    https://freedns.linux.pizza

    Accepting testers :)
  • 0
    @Linux there doesn't appear to be any sign-up form 🤔

    Out of curiosity, which admin suite did you go with in the end?
  • 1
    @Condor

    No sign-up, I will add it manually to reduce malware-domains being run on the environment.

    I went with PDNS-manager :)
  • 2
    @Linux oh, I see. Not sure if I've tried that particular one yet 🤔

    As for malware domains, I wouldn't worry too much about that. Any user including the infection targets would have to change their DNS to yours first, which pretty much implies that the attacker already has a pretty high level of access. At those access levels, changing the DNS to be able to resolve malware domains becomes a bit pointless. Personally if I were a blackhat, I'd probably register something like a .tk for that maybe, on Freenom to have it authoritative on any DNS server.