
> For example, is using 1.1.1.1, 8.8.8.8, or 9.9.9.9 (CF, Google, and Quad9, respectively) good or bad in this regard?

Just run Unbound locally or, if you really don't want your ISP to snoop on your DNS traffic, on some VPS in a datacenter.




I am totally fine with my ISP seeing my DNS traffic (it is bound by GDPR & more; I trust it more than CF or Google). I want to ensure the DNS traffic info does not leave my ISP (other than to other DNS resolvers recursively).

And as per Spamhaus, the DNS traffic in a datacenter may still end up in the Spamhaus passive DNS DB.


Better hope that none of the parties involved have a data-sharing agreement like this: <https://www.farsightsecurity.com/community/data-sharing/>



