180

Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block Circumvention * TorrentFreak (torrentfreak.com)

submitted 2 years ago by reddthat@reddthat.com to c/piracy@lemmy.dbzer0.com

28 comments fedilink hide all child comments

Run your own unbound or bind resolvers!

you are viewing a single comment's thread
view the rest of the comments

[-] domi@lemmy.secnd.me 8 points 2 years ago

Is it possible to get unbound to talk to the root servers via TLS/HTTPS by now?

I'm currently using Quad9 because they support DNS over TLS and DNS over HTTPS.

[-] NullGator@lemmy.ca 5 points 2 years ago

Yes its possible 👍

Use:

forward-zone:
  forward-addr: 9.9.9.9@853#dns.quad9.net

[-] domi@lemmy.secnd.me 3 points 2 years ago

That is what I'm doing currently but now unbound doesn't talk to the root servers anymore, it sends all queries to Quad9.

Both scenarios are not ideal because you always end up with one entity knowing all your queries.

[-] NullGator@lemmy.ca 1 points 2 years ago

Perhaps you could configure more than unbound service behind a loadbalancer. Each unbound instance is configured to use different upstream dns servers.

Double check if unbound doesn't allow you to randomly hop between dns upstreams first, but the above solution should work if that's unavailable atm.

[-] out@lemmynsfw.com 1 points 2 years ago

Not sure you would even need encryption. Surely It can't be illegal to ask the root servers (and all the other DNS servers involved, because the root servers only have IPs for TLD DNS servers) for IPs