Comments
-
endor 5666 6y
But how would your server be any different from all the other providers? Would you just be acting as an intermediary between the users and the main providers? Or would it be a recursive DNS server? And what about latency?
I tried getting my friends to use my pihole server as a DNS for the privacy and latency benefits, but for some reason they're afraid that *I* would spy on them, even though I could not care less (ironic, isn't it?). -
@endor That kinda makes sense. For Google or Cloudflare, they're just a single datapoint among millions of others. For you, they're an actual person and you have direct access to their lives.
-
Linux 43483 6y
@endor
I was thinking about an environment for individuals and organizations to host their DNS instead of going to a paid service or Cloudflare or something similar.
More like afraid.org -
Condor 32332 6y
Added benefit with PDNS-Admin would be the ability for users to put in their own domains for personal use instead of hosts files. Can't wait to see it!
-
Condor 32332 6y
@toriyuno depends on which DNS server your local one is using, most likely Cloudflare or Google or such in those cases (Cloudflare here). Not really running my own DNS to avoid snooping though, there's no way around the fact that my server will have to ask *someone* where this or that domain is at the end of the day. The ability to make my own zones is the main driving force for me, far more entertaining than anonymity :)
That said, I am generally wary about my ISP, not because they're snooping or anything, I don't think they do, but because I find them too incompetent to deal with my data. So I route most (and ideally all, but that's not always the case) traffic through my personal VPN servers. -
@Condor everything goes through your ISP regardless of what DNS server you're using. They are the middle man between you and the "internet".
-
Linux 43483 6y
@toriyuno
But they don't know what you are doing if you are using a VPN. The only thing they would know is that you are using a VPN. -
@Linux oooh, I forgot about that.
What’s the benefit of a VPN over port forwarding with a socks5 proxy? -
Linux 43483 6y
@toriyuno
depends entirely on what the socks5 proxy is.
SSH-tunnel? Tor? and so on. Or just a service that sends everything over plain text anyway -
Linux 43483 6y
@toriyuno
depends on what VPN service you use. + that most systems do not route things automatically over a socks5 tunnel - you have to manually tell your applications to use it. -
@Linux if I were to use iptables to route all traffic from an application to a socks5 socket, would there be any difference from a VPN?
Since there’s so much marketing around “VPNs” and it’s a common term now, I don’t quite grasp what it does, and what the limitations are. -
Condor 32332 6y
@toriyuno I've used SSH dynamic port forwarding in the past (before I got a hold of some of my own internet-facing servers), it works but it's quite limited. A VPN is superior in the sense that it gives you a whole network and all its functionality as well as being sure that all applications will be using it, without having to muck around with proxychains and such. But in terms of privacy and connection encryption, they're functionally the same.
(Edit: to be clear I'm talking about setting up your own VPN server rather than commercial solutions where the marketing wank is indeed very strong) -
Condor 32332 6y
@Linux there doesn't appear to be any sign-up form 🤔
Out of curiosity, which admin suite did you go with in the end? -
Linux 43483 6y
@Condor
No sign-up, I will add it manually to reduce malware-domains being run on the environment.
I went with PDNS-manager :) -
Condor 32332 6y
@Linux oh, I see. Not sure if I've tried that particular one yet 🤔
As for malware domains, I wouldn't worry too much about that. Any user including the infection targets would have to change their DNS to yours first, which pretty much implies that the attacker already has a pretty high level of access. At those access levels, changing the DNS to be able to resolve malware domains becomes a bit pointless. Personally if I were a blackhat, I'd probably register something like a .tk for that maybe, on Freenom to have it authoritative on any DNS server.
I should build a free DNS service..