What are your #homelab (s) using for recursive DNS servers? I tried the whole root blah blah blah and it ended up being slower for #DNS or for me. I ended up switching to Quad9.. For now I suppose it was the only one I could find that is not run by some corporation.
#selfhosting #selfhosted #dns #quad9
@train Unbound for me. Simply because it's the default on OPNsense. I'm pretty okay with it, but its facilities for being "authoritative" are a bit lacking, so I'm also running a PowerDNS recursor, which accesses a PowerDNS authoritative server holding my internal domains, and also recurses out to my Consul for service discovery via DNS.
@mmeier Never heard of PowerDNS! I'll look into it. Do you have any reservations about the privacy of your DNS queries to PowerDNS?

@train Ahm, why would I? It's running on my hosts in my homelab...?

Ooooh, am I completely misinterpreting your question? You were talking about recursive DNS servers (upstream servers like 8.8.8.8), not about recursing servers you run yourself? 🤦

@mmeier yes hahah! I am running Technitium DNS server which was recursing any non-authoritative DNS zones to the DNS root servers.. I was getting a bunch of timeouts and failures.. small amounts but I was. I then decided to point to a recursive DNS service.. and things got immediately better and faster. However, privacy is a thing and pointing to Google is not the most private. I was asking what others were using.

@train Ah, in that case I'm really sorry about the noise.

I must admit that I haven't done much thinking in this regard. I've got the OpenDNS servers configured, but that's not based on much research or anything. I just figured: Cisco doesn't make its money with DNS servers, so it should be reasonably safe from any shenanigans.

@mmeier I worked for the company that Cisco acquired OpenDNS from and though you are right, most of their money doesn't come from DNS, it's a service they package up and sell with other security products.. So it's still a product and though I couldn't tell you they do any crazy data gathering.. It's still a company, still a product.. If that means anything to you.

@train
adguard-home primary, blocky secondary, with nominally identical blocklists and configs. (It is theoretically possible to scale adguard now, but I'm used to this setup.)

Both point to secure, trusted upstreams that are not google because my provider does evil manipulation of DNS traffic (and smtp, probably others) when they can and I kinda wish that was illegal.

https://adguard.com/en/adguard-home/overview.html https://0xerr0r.github.io/blocky


@dis what are those upstreams?
@train sdns://AgEAAAAAAAAAAAANZG5zLnF1YWQ5Lm5ldAovZG5zLXF1ZXJ5 (quad9) with 1.1.1.1/9.9.9.9 for bootstrapping. Have you checked https://adguard-dns.io/kb/general/dns-providers/ ? (It is from adguard but it is a simple list, no weirdness)
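The sdns:// stamp above is just base64url-encoded fields (protocol byte, property flags, optional IP, certificate hashes, hostname, DoH path), so it is worth decoding a stamp before pasting it into a resolver like AdGuard Home or blocky to confirm where it actually points. This is an added example, not code from anyone in this thread or from the AdGuard or blocky projects; it follows the public DNS Stamps format for plain, DoH and DoT stamps, and the names decode_stamp and QUAD9_DOH are chosen here.

```python
import base64

PROTOCOLS = {0x00: "Plain DNS", 0x02: "DoH", 0x03: "DoT"}  # protocol byte of a DNS stamp

def _lp(buf, pos):
    # One length-prefixed string: a single length byte, then the bytes.
    n = buf[pos]
    return buf[pos + 1:pos + 1 + n], pos + 1 + n

def _vlp(buf, pos):
    # List of length-prefixed items; the high bit of a length byte means another item follows.
    items = []
    while True:
        n = buf[pos]
        more, n = bool(n & 0x80), n & 0x7F
        item, pos = buf[pos + 1:pos + 1 + n], pos + 1 + n
        if item:
            items.append(item)
        if not more:
            return items, pos

def decode_stamp(stamp):
    """Return the fields encoded in an sdns:// stamp (plain, DoH or DoT) as a dict."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    raw = stamp[len("sdns://"):]
    buf = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))  # stamps are unpadded base64url
    proto = buf[0]
    if proto not in PROTOCOLS:
        raise ValueError(f"unsupported protocol byte 0x{proto:02x}")
    props = int.from_bytes(buf[1:9], "little")  # 64-bit little-endian property flags
    out = {"protocol": PROTOCOLS[proto], "dnssec": bool(props & 1),
           "no_logs": bool(props & 2), "no_filter": bool(props & 4)}
    addr, pos = _lp(buf, 9)
    out["addr"] = addr.decode()  # empty means: resolve the hostname via the bootstrap resolvers
    if proto == 0x00:
        return out
    hashes, pos = _vlp(buf, pos)
    out["cert_hashes"] = [h.hex() for h in hashes]  # empty means: trust the system CA store
    host, pos = _lp(buf, pos)
    out["hostname"] = host.decode()
    if proto == 0x02:
        path, pos = _lp(buf, pos)
        out["path"] = path.decode()
    if pos < len(buf):  # optional bootstrap resolvers
        boot, pos = _vlp(buf, pos)
        out["bootstrap_ips"] = [b.decode() for b in boot]
    return out

QUAD9_DOH = "sdns://AgEAAAAAAAAAAAANZG5zLnF1YWQ5Lm5ldAovZG5zLXF1ZXJ5"  # the stamp quoted in the thread
```

Running decode_stamp(QUAD9_DOH) shows a DoH stamp for dns.quad9.net with path /dns-query, no pinned certificate hash, no fixed IP (hence the 1.1.1.1/9.9.9.9 bootstrap mentioned above) and only the DNSSEC property flag set.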

@dis ahh good, I'm using Quad9 too. It was the only thing I could find that is not governed by commercial interest.
@train just used root ones. It is slower for the first search but after that there is no difference.
@Auli It has been pretty slow for a bit for me and I have been getting these timeout errors... So I moved on and it really got better.. what do you use as your DNS server?
@train I run pihole with unbound and the root servers. The first time looking up something might be slower than normal but other than that no issues.

@train +1 for unbound on OPNsense.

Also tried NextDNS which was really really nice. But unbound works so well and fast with the caching, it’s fine for me. Maybe not as fast as NextDNS or Cloudflare but not really noticeably slower in everyday use.

@train Technitium DNS pointed at NextDNS for the resolver over DoH.
@tupcakes I just tried DoH with Quad9 and got a bunch of errors in the logs.. I switched to over TLS and that seemed to be better. I'm also a pretty big fan of Technitium.. how do you like it?
@train Technitium DNS is amazing. Full zone support, multiple DHCP scopes, ad blocking, DoH… it’s got it all. And it’ll run on a potato.
@train Using PiHole and Unbound in forwarding mode. Which pushes its DNS requests encrypted to Quad9.