
> Uses random upstream resolvers from the configuration - increases your privacy through the distribution of your DNS traffic over multiple providers

The whole project is really interesting but this line caught my eye.

For spreading DNS providers, would randomly routing to different ones be more or less private than rotating providers every X minutes? It feels like so many sites request so many different resources that if you make DNS resolution distributed across providers, you might be exposing your "trail" to multiple companies at the same time, compared to an alternative approach of switching every X minutes so that any individual company only sees a snapshot of your queries in time rather than your whole journey.




rethinkdns dev here

> For spreading DNS providers, would randomly routing to different ones be more or less private than rotating providers every X minutes?

Less private for the simple fact that now you'd have to rely on multiple upstream resolvers to respect your privacy. Stick to one; ideally the one with better privacy guarantees like the Mozilla endpoints to Cloudflare DNS.

Or, use anonymizing protocols like Oblivious DNS over HTTP and DNSCrypt v3.


100% agree. Not sure why you'd randomly play round robin with a bunch of DNS servers. What purpose is this feature even for?

If privacy is what you're intending, however, DNS is only one part of that, and there are other ways in which things can leak: https://www.privacyguides.org/en/advanced/dns-overview/

Generally I just recommend that people use their VPN provider's internal DNS servers and call it a day, or of course Tor.


I use (and recommend) local recursive resolvers.


It's unencrypted and exposes your IP. From a privacy perspective it's better to use something like Mullvad DNS over DoT or DoH.


Exposing my IP to who exactly?

My ISP can already see where I go and what I do anyway.

But you do you, friend.


> the Mozilla endpoints to Cloudflare DNS

Oh, I did not know that Mozilla had an endpoint on Cloudflare's 1.1.1.1 service, but there it is!

https://github.com/mozilla/gecko-dev/blob/c09764753ea40725eb...

https://mozilla.cloudflare-dns.com/dns-query

Does Mozilla publish their terms somewhere? I'm curious how their endpoint is any different.


First thing I thought about was the reasoning behind why Tor uses Entry Guards (a limited set of relays chosen by your client to use as the first entry point rather than a random one each time). I'd imagine the same arguments apply for why you don't want to randomize which servers your DNS queries go to. If you're making hundreds or thousands of queries, as people tend to do while using the same set of sites over time, then eventually all servers will end up with the names of all the sites you visit, as opposed to just choosing one server and only that server having the names. So yeah, that definitely seems like the opposite of a privacy feature.

More info on why Tor chooses just a few entry nodes here: https://support.torproject.org/about/entry-guards/
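The exposure argument in the comment above, as an added simulation that is not part of this thread or of any project discussed here. It uses a constructed browsing trail and hypothetical resolver names, and compares three upstream-selection policies by counting which domain names each upstream ends up learning.

```python
import random
from collections import defaultdict

# Hypothetical upstream resolver names (constructed for this example).
RESOLVERS = ["resolver-a", "resolver-b", "resolver-c"]


def make_trail(phases=6, minutes_per_phase=10, queries_per_minute=10):
    """Constructed browsing trail as (minute, domain) pairs: each phase is spent
    on one site, while a shared CDN name is requested throughout the session."""
    trail = []
    for phase in range(phases):
        site = f"site{phase}.example"
        start = phase * minutes_per_phase
        for minute in range(start, start + minutes_per_phase):
            for q in range(queries_per_minute):
                trail.append((minute, site if q % 2 == 0 else "cdn.example"))
    return trail


def per_query_random(minute, rng):
    """Policy: pick a different random upstream for every query."""
    return rng.choice(RESOLVERS)


def sticky_single(minute, rng):
    """Policy: always use one upstream."""
    return RESOLVERS[0]


def rotate_every(window_minutes):
    """Policy: switch upstream on a fixed schedule (one per time window)."""
    def policy(minute, rng):
        return RESOLVERS[(minute // window_minutes) % len(RESOLVERS)]
    return policy


def exposure(trail, policy, seed=0):
    """Return {resolver: set of domains} describing what each upstream learns."""
    rng = random.Random(seed)
    seen = defaultdict(set)
    for minute, domain in trail:
        seen[policy(minute, rng)].add(domain)
    return dict(seen)


def summarize(seen):
    """Number of distinct domains each upstream observed."""
    return {resolver: len(domains) for resolver, domains in seen.items()}


def total_exposure(seen):
    """Total (domain, upstream) pairs: how many name disclosures were made."""
    return sum(len(domains) for domains in seen.values())
```

With the constructed trail, per-query randomisation hands the whole journey to every upstream, a single upstream learns it once, and time-based rotation gives each upstream only the sites of its own windows plus the CDN name seen in all of them.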


Not novel, but a standard feature in dnscrypt-proxy.



