Author Topic: alternative DNS servers?  (Read 1617 times)

alternative DNS servers?
« on: 25 March, 2017, 07:13:02 pm »
I've been using Google 8.8.8.8 and 4.4.4.4 for ages, but at the moment they are flaky in the extreme. Any suggestions for alternatives?

Re: alternative DNS servers?
« Reply #1 on: 25 March, 2017, 07:21:19 pm »
OpenDNS? 208.67.222.222 ยท 208.67.220.220

Kim

  • Timelord
    • Fediverse
Re: alternative DNS servers?
« Reply #2 on: 25 March, 2017, 07:21:57 pm »
OpenDNS (mildly evil)
Your ISP (assuming they're basically competent) (may or may not be evil)
Run your own (guaranteed non-evil)

Re: alternative DNS servers?
« Reply #3 on: 25 March, 2017, 07:35:57 pm »
My ISP is Virgin (evil)

OpenDNS is working, thanks, Google DNS is just so easy to remember and I've sold my soul to them anyhow.

Kim

  • Timelord
    • Fediverse
Re: alternative DNS servers?
« Reply #4 on: 25 March, 2017, 07:37:59 pm »
I thought you could turn Virgin's NXDOMAIN hijacking off..

Re: alternative DNS servers?
« Reply #5 on: 25 March, 2017, 07:51:09 pm »
Never tried, tbh, just use Google's habitually

Afasoas

Re: alternative DNS servers?
« Reply #6 on: 25 March, 2017, 08:01:28 pm »
OpenDNS (mildly evil)

Why are OpenDNS mildly evil?


DuckDuckGo has an instant answer for this:
https://duckduckgo.com/?q=dns+servers&t=lm&ia=answer&iax=1

Re: alternative DNS servers?
« Reply #7 on: 25 March, 2017, 08:17:13 pm »
.....only duckduckgo was unavailable, as was Google. Weirdly some sites were ok, and not just cache. I assume it must be some form of attack that waxes and wanes.

Trouble with any list like that, you don't really know how effective the site is, and you could easily design an attack vector based around hacking a DNS server.

Feanor

  • It's mostly downhill from here.
Re: alternative DNS servers?
« Reply #8 on: 25 March, 2017, 08:35:34 pm »
That's why I run my own.

If you have a home network of more than a few machines, then even an old laptop sitting in the corner can make a perfectly good DNS server.

Kim

  • Timelord
    • Fediverse
Re: alternative DNS servers?
« Reply #9 on: 25 March, 2017, 08:47:55 pm »
OpenDNS (mildly evil)

Why are OpenDNS mildly evil?

Hijacking NXDOMAIN is evil.  It breaks things.

Also they do filtering, which can be used for evil.

Afasoas

Re: alternative DNS servers?
« Reply #10 on: 25 March, 2017, 11:03:35 pm »
.....only duckduckgo was unavailable, as was Google. Weirdly some sites were ok, and not just cache. I assume it must be some form of attack that waxes and wanes.

Well you made it onto YACF !  :thumbsup:

Trouble with any list like that, you don't really know how effective the site is, and you could easily design an attack vector based around hacking a DNS server.

Surely that's where doing your own research comes in?
And unless you are using DNSSEC (which has it's own security problems) DNS cache poisoning is trivial. Personally I'm much more concerned around privacy, filtering and NXDOMAINs not resolving to sites that offer advertising.

Afasoas

Re: alternative DNS servers?
« Reply #11 on: 25 March, 2017, 11:09:40 pm »
OpenDNS (mildly evil)

Why are OpenDNS mildly evil?

Hijacking NXDOMAIN is evil.  It breaks things.

Also they do filtering, which can be used for evil.

The only NXDOMAIN hijacking I've seen OpenDNS using is with the filtered content on their family friendly DNS IPs. I haven't seen any on the usual IPs.
The real time analysis OpenDNS do is pretty powerful stuff when it comes to identifying and dropping malicious domains.

That said, an awful lot can be revealed about a persons internet usage from DNS queries alone, thus privacy is my biggest concern. Been tempted to switch out for root servers for quite some time.