ItzTrainJun 29, 2023
What are your #homelab (s) using for recursive DNS servers? I tried the whole root blah blah blah and it ended up being slower for #DNS or for me. I ended up switching to Quad9.. For now I suppose it was the only one I. could find that is not run by some corporation.
#selfhosting #selfhosted #dns #quad9
Show threadMichaelJun 29, 2023
@train Unbound for me. Simply because it's the default on OPNsense. I'm pretty okay with it, but it's facilities for being "authoritative" are a bit lacking, so I'm also running a PowerDNS recursor, which accesses a PowerDNS authoritative server holding my internal domains, and also recurses out to my Consul for service discovery via DNS.
Show threadItzTrain
@mmeier Never heard of powerdns! I'll look into it. Do you have any reservations about the privacy of your dns queries to PowerDNS?
Jun 29, 2023 at 7:04pmWeb
Show threadMichaelJun 29, 2023

@train Ahm, why would I? It's running on my hosts in my homelab...?

Ooooh, am I completely misinterpreting your question? You were talking about recursive DNS servers (upstream servers like 8.8.8.8), not about recursing servers you run yourself? 🤦

Show threadItzTrainJun 29, 2023
@mmeier yes hahah! I am running Techtinum dns server which was recursing any non authoritative dns zones to the DNS root servers.. I was getting a bunch of timeouts and failures.. small amounts but I was. I then decided to point to a Recursive DNS service.. and things got immediatly better and faster. However, privacy is a thing and point to google is not the most private. I was asking what others were using.
Show threadMichaelJun 29, 2023

@train Ah, in that case I'm really sorry about the noise.

I must admit that I haven't done much thinking in this regard. I've got the OpenDNS servers configured, but that's not based on much research or anything. I just figured: Cisco doesn't make it's money with DNS servers, so it should be reasonably safe from any shenanigans.

Show threadItzTrainJun 29, 2023
@mmeier I worked for the company that Cisco acquired OpenDNS from and though you are right, most of their money doesn't come from DNS, it's a service they package up and sell with other security products.. So it's still a product and though I couldn't tell you they do any crazy data gathering.. It's still a company, still a product.. If that means anything to you.