this post was submitted on 16 Jun 2024
179 points (99.4% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54476 readers
718 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Run your own unbound or bind resolvers!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 4 months ago (2 children)

Is it possible to get unbound to talk to the root servers via TLS/HTTPS by now?

I'm currently using Quad9 because they support DNS over TLS and DNS over HTTPS.

[–] [email protected] 5 points 4 months ago (1 children)

Yes its possible 👍

Use:

forward-zone:
  forward-addr: 9.9.9.9@853#dns.quad9.net
[–] [email protected] 3 points 4 months ago (1 children)

That is what I'm doing currently but now unbound doesn't talk to the root servers anymore, it sends all queries to Quad9.

Both scenarios are not ideal because you always end up with one entity knowing all your queries.

[–] [email protected] 1 points 4 months ago

Perhaps you could configure more than unbound service behind a loadbalancer. Each unbound instance is configured to use different upstream dns servers.

Double check if unbound doesn't allow you to randomly hop between dns upstreams first, but the above solution should work if that's unavailable atm.

[–] [email protected] 1 points 4 months ago (1 children)

Not sure you would even need encryption. Surely It can't be illegal to ask the root servers (and all the other DNS servers involved, because the root servers only have IPs for TLD DNS servers) for IPs

[–] [email protected] 3 points 4 months ago (1 children)

Not illegal but it leaves all your DNS lookups in plain text with your ISP, which just doesn't sit right with me.

Not that the ISP in my country would care.

[–] [email protected] 1 points 4 months ago

Also introduces the possibility of DNS poisoning