DNS question

I have started my journey to become more private.
I am at the DNS section and a little confused. What's the difference between encrypted DNS resolvers and a DNS client? Do I need both (i.e. change DNS in the router and install a client on each device)?
Also, which DNS do you recommend? I am currently using 1.1.1.1.
Thank you!

Also who owns this awesome website??

A DNS resolver is the entity that answers the question: “what is the IP for nlnetlabs.nl?”. This is some server on the internet, typically handled by your Internet Service Provider. A DNS client is the one asking that question. Your own computer is an example of a DNS client, which can issue DNS queries thanks to pre-installed software. For example, in Linux you can run `host nlnetlabs.nl`, since it’s a DNS lookup utility.

As a small aside, software that runs on a computer but communicates with a remote server is often referred to as the “client”. Therefore, the alternatives you see listed such as Unbound are referred to as clients because they’ll take over the responsibility of issuing DNS queries once they’re installed.

You can set up your computer to issue DNS queries for individual programs only. For example, in Firefox you can enable DNS over HTTPS, and then only DNS queries coming from Firefox would be encrypted. You can take things even further by setting the DNS resolver on your router so that every device in your home network resolves to that same DNS server. Your router probably needs to have support for that, so you might want to run your own local DNS server at home.

It is up to you to decide what works best for your use case, and as always I recommend taking it easy, making simple changes first and moving on from there. I would say any of the options proposed by Privacytools are good enough. For better speeds, try to choose one that is closest to you.

1 Like
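To make the client/resolver split above concrete, here is an added example (not part of any post in this thread) of what a DNS client actually sends: the same query message travels readable on port 53 in plain DNS, and inside an HTTPS request in DNS over HTTPS (RFC 8484). The Cloudflare DoH endpoint URL and all function names are assumptions chosen for illustration; nothing is sent over the network.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, query_id: int = 0) -> bytes:
    """Encode a DNS query (RFC 1035). qtype 1 = A record; RFC 8484 suggests ID 0."""
    # Header: ID, flags (only RD "recursion desired" set), QDCOUNT=1, other counts 0.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw  # each label is length-prefixed
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def visible_labels(message: bytes) -> list[str]:
    """What anyone on the path can read from a plain, unencrypted query."""
    labels, pos = [], 12  # the question starts after the 12-byte header
    while message[pos]:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return labels

def doh_get_url(endpoint: str, message: bytes) -> str:
    """RFC 8484 GET form: the same bytes, base64url-encoded without padding.
    The URL is carried inside TLS, so only the resolver sees the name."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def message_from_doh_url(url: str) -> bytes:
    """Resolver side: recover the DNS message from the ?dns= parameter."""
    param = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))

if __name__ == "__main__":
    query = build_query("nlnetlabs.nl")
    print("plain DNS, readable on the wire:", visible_labels(query))
    # Assumed endpoint: Cloudflare's public DoH service (the 1.1.1.1 resolver).
    url = doh_get_url("https://cloudflare-dns.com/dns-query", query)
    print("DoH request (sent over HTTPS):", url)
    print("resolver decodes same query:", message_from_doh_url(url) == query)
```

Either way the resolver still sees every name you look up; encryption only hides the query from the network in between, which is why the choice of resolver matters.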

Thanks a lot for your reply!
I think every router supports changing DNS, right? Anyway, I have OpenWrt firmware so I can do it easily…
I still have some questions. Like, if for e.g. Cloudflare is commercial, how does it make money? By selling data!?!!?!? Also, how do other DNS providers afford to do that without asking for any money?
I am currently using 1.1.1.1 Cloudflare… what do you personally recommend?

I would assume that today most routers do support encrypting DNS queries but nevertheless this is something to consider.

I don’t know if Cloudflare makes any profit out of providing a DNS server, or if they do sell data to third-parties, but they have a business plan page listing some of their paid services.

Likewise, running servers costs money and some (I didn’t check all) of the options offered have a donate page or link to donating/collaboration platforms. If they don’t ask for money for this, it is because they probably have other revenue streams. This is just a guess though, don’t take my word for it.

1 Like

Well, atm I am currently using this: https://dns.watch/. It mostly focuses on just regular DNS, but it does offer DoH, & DNSCrypt that’s in a beta stage. I HAVE tried DoT for a while… meh.

Web browser settings have additional options: DoH, DNS thru SOCKS5 proxy, etc. 🙂

1 Like

Quad9, since it’s non-profit and based in Switzerland.

[quote=“bemyfrnd, post:3, topic:5387”]
Cloudflare is commercial, so how does it make money?
[/quote]

It’s a CDN, so it probably makes money with their customers.

1 Like

Ooh, thanks 🙂 It looks like they give you the option of malware blocking or not. I might switch DNS xD