scyDec 20

TIL: My ISP (Vodafone Germany) is DNS-blocking annas-archive.li.

*adds "recursive DNS resolver" to his list of services to self-host*

Edit: Today I _also_ learned that Wikimedia is hosting a public DNS (DoH and DoT) resolver:

https://meta.wikimedia.org/wiki/Wikimedia_DNS

Thanks @LunaDragofelis for pointing that out!

Wikimedia DNS - Meta-Wiki

Show threadCassandra is only carbon nowDec 20
@scy I've had good luck using quad9 as an upstream, short of a full recursive resolver.
Show threadscyDec 20
@xgranade Oh, sure, Google's 8.8.8.8 resolves it too. But I'm assuming they block other stuff instead.
Show threadManawyrm | SarahDec 20

@scy @xgranade If they do, I haven't found it yet!

I do also just run my own resolver now, unbound is really low-maintainance and runs very well, highly recommended if your connection is low-latency.

Show threadscy
@manawyrm See, I'm old enough that I would've chosen PowerDNS instead, but Unbound sounds nice, too.
Dec 20 at 11:31pmWeb
Show threadManawyrm | SarahDec 20

@scy PowerDNS is just the right choice for an authoritative DNS server. All the features, configurability, etc.

Excellent software, have run it on an absurd scale before.

But for recursive DNS unbound is very nice as it‘s just pain and maintenance free. It‘ll just do its job long-term and won‘t cause any fuss.
Really quite like it, have deployed it multiple times over the last couple of years and never had to touch it again (even in rather exotic situations like NAT64).

Show threaddmi 💽 Dec 20
@manawyrm @scy PowerDNS also offers a recursive server! (among other things)
Show threadManawyrm | SarahDec 20
@domi @scy I know, I know, just never deployed that at scale and don‘t know if it will behave nicely.
Show threadAliveDevilDec 20

@manawyrm @domi @scy
Works just fine.

Just like Unbound/Dnsmasq on the OpenWRT router, pdns-rec is basically maintenance free.

Though, I should update them …

Show threadDasSkelettDec 21

@manawyrm @domi @scy
I for one can recommend PowerDNS, runs very nicely as public resolver here at @freifunkMUC
https://stats.ffmuc.net/d/LCEp2wC7z/pdns-recursor?from=now-2d&to=now&timezone=browser
especially behind dnsdist
https://stats.ffmuc.net/d/tlvoghcZk/doh-dot?orgId=1&from=now-2d&to=now&timezone=browser&refresh=1m

However for Unbound there's a big "home user" community with a lot of existing tools especially for ad blocking, so it's certainly a valid choice.

Grafana

Show threaddmi 💽 Dec 21
@manawyrm @scy neither have I FWIW - kind of recommending it blindly because pdns auth is so good and the authors are really nice
Show threadjn (big endian energy)Dec 21
@domi using 'auth' and 'authors' in the same sentence somehow tricked my reading comprehension into thinking that authors are those who do auth
Show threadSaphira Lohikäärmekettunen Dec 20
@scy @manawyrm I'm so old, I use bind9 for that