Secure DNS alternative: nextdns.io

i just stumbled upon this. i don’t have any experience or affiliation, other than poking around their network a bit, but it looks like it could be interesting:

https://www.nextdns.io/

2 Likes

https://blahdns.com
How about blahdns to block ads?

dns.watch ?

I saw this at IRC and made the following critique:

You need to enable JavaScript to run this app.

Reminds me of OpenDNS. Are they doing something particularly interesting that would be a reason to give them a chance?

I currently have DNSCrypt over Tor and https://quad9.net/ in Firefox and I also configured it on the router going to my grandmother


now I look at them a bit deeper

  • If you do not natively support the protocols listed on this page, you can use the following DNS Server and link your current IP address to this configuration. This is mostly for use on home networks.

And this is exactly the OpenDNS issue: how do you know that I am not linking several users of my ISP with help from CGN and blocking everything for them if they happen to use this service? It has happened with OpenDNS previously, from what I have heard.

2 Likes

Wait, grandmother routing? Why / how DNSCrypt over Tor? Isn’t DNSCrypt already encrypted and doesn’t Tor add considerable delay in the resolution?

1 Like

Grandmothers are also on the internet nowadays :slight_smile:

Mine has an internet connection as a part of the fees of her apartment and she assigned me to pick a device she needs to use it (which was a good idea, as the ISP was lying to her and would have told her to get a wrong device, which is a different story) and I set up Quad9 on that router in the hope that it will be more reliable than the ISP (which you can probably guess is not enjoying my/our trust) and maybe even stop some phishing attacks that might target her otherwise.

I am currently not using it with Tor, but that caused Cloudflare to not always be the fastest server, so I had more diversity in who the servers were and it prevented the dnscrypt-server from knowing my IP. It also provides cover traffic which is the biggest reason why I am using Tor for anything (even if there are some on which I like actual privacy).

```toml
# Tor if necessary
force_tcp = true
# Experience: this port shouldn't have IsolateDestAddr/IsolateDestPort or
# Tor may be unhappy due to the amount of circuits opened. Different ports
# are already isolated from each other and I think dnscrypt-proxy should
# mostly be connecting to the top fastest servers with lb_strategy p2
proxy = "socks5://dnscrypt-proxy:randompasswordhere123613413671@127.0.0.1:9052"
```

Yes, but then the server knows my IP.

Yes, ~30 ms which is easily the difference between Cloudflare and not-Cloudflare anyway.

2 Likes

Might be similar to Blockchain DNS, except I see this one is cloud-based. Blockchain DNS uses Namecoin and Emercoin cryptography. I’ll check it out!

I accidentally found another reason to use Quad9: a Finnish IXP, TREX, says it runs a Quad9 node (and some technical people say that Finnish users should use TREX recursors).

Our resolvers do not support DNS over TLS, DNS over HTTPS or dnscrypt. But TREX hosts a Quad9 node, which offers a secure service with those features. Their server addresses are easy to remember:

I am not entirely sure if this comment is relevant here, but this happens to be the most recently active thread where I have mentioned Quad9.

TREX has been around a loooong time. curious why they don’t offer any more advanced resolver services, especially given all the uproar in the recent years surrounding DNS. are they still using BINDv8? (sorry, i just had to) :smiley:

(and to anyone thinking, well, why do they need to when they can clearly refer to their Quad9 service, just no. as far as i’m concerned, any provider should be offering encrypted dns, and for any clients still requiring udp:53, encouraging their longtail of clients to upgrade - yes i also know this isn’t a fast process, but i’m just disappointed at the speed it’s gone so far given the magnitude of the issue at hand… yeah this was way longer than intended)

1 Like

I felt like they were dodging a very important question in their AMA, that makes me not want to use them.

Thanks. I’ll have to try playing around with this when I get a chance.

I’m running NextDNS on my iPhone now testing it out. Plan to talk to the developers as well.

1 Like

So NextDNS is in beta, so it won’t work perfectly, but what I noticed was that in 24 hours it only blocked 4 trackers, and about 10 min into that 24 hour window it actually stopped working. It told me on my phone I was connected to VPN, but when I visited the NextDNS website, it said I was not connected through their service.

So while the app said CONNECTED, and it displayed VPN at the top, it wasn’t actually working. Again, Beta, but not something you can be using.