DNS Server Recommendations?

dns-securityLike a lot of people, I initially thought using Google DNS for my laptops was a great idea, because Google DNS is really fast according to my namebench tests and 8.8.8.8 is easy to remember.

On second thought, do I really want Google tracking me through DNS too, when there’s so many other free DNS providers out there? Not that I don’t trust Google’s 61,814 employees ;-)

My next thought was: How do I choose a free DNS provider? Does anyone review DNS servers?

I’d say there’s two categories of offerings: uncensored servers and “safer” censored servers. Initially, you might think the censored servers are safer. Generally speaking, maybe they are. But depending on your business, it could be the opposite.

If we look at Microsoft’s Skype as an analogy, to protect you from spam, they spy on everyone’s messages. Generally speaking, a DNS server that censors content, more or less, could have its nose in everyone’s business, and that information could be used inappropriately, even with the best intentions.

Which DNS servers are you using now? If you’re using Linux, try nmcli. It’s a “command‐line tool for controlling NetworkManager.”

nmcli dev show|grep DNS

Trying this, I noticed my DNS servers were set to the local ISP, even though I had set my /etc/resolv.conf file a few days ago to use a different DNS service. Opening resolv.conf, sure enough I see the line:

# Generated by NetworkManager
(The wrong servers...)

I’m using BunsenLabs Debian. How did I fix this? I found the answer here.


1. Choose a connection (from the Wired or Wireless tab) and click Edit.
2. Click on the IPv4 Settings tab
3. Choose ‘Automatic (DHCP) addresses only’ instead of just ‘Automatic (DHCP)’.
4. Enter the DNS servers in the “DNS servers” field, separated by spaces (e.g. 208.67.222.222 for OpenDNS).
5. Click “Apply.”

That worked and my /etc/resolv.conf updated immediately.

What DNS servers did I decide to use? I found some recommendations here, and I trust the Arch folks are very smart. Out of that list, I decided to try these: https://www.opennicproject.org/nearest-servers/

Was that helpful? Email pj@pjbrunet.com


Thanks for your support.
.
BTC -
DASH -
ETH -
1Prh5VnUJRQV3sARhEfQAMKv9UzGqgAMXg
XgcB56Zz4pYvrATG2SZJzqnhNxD8mDQMfd
0x467a73878a7b57899cb1dd070a4eb40fdc00d38b

×

PJ Brunet



CSS & Javascript © 2014-2016
by PJ Brunet