DNS Server Recommendations?

Like a lot of people, I initially thought using Google DNS for my laptops was a great idea, because Google DNS is really fast according to my namebench tests and is easy to remember.

On second thought, do I really want Google tracking me through DNS too, when there are so many other free DNS providers out there? Not that I don’t trust Google’s 61,814 employees, but at a Google Cloud presentation they said the data they collect (our data) is freely available to anyone at Google who wants to build a product. Of course Google mines your nameserver data, if only to improve its search engine results. That data could be anonymized, but that’s beside the point.

My next thought was: How do I choose a free DNS provider? Does anyone review DNS servers?

I’d say there are two categories of offerings: uncensored servers and “safer” censored servers. Initially, you might think the censored servers are safer. Generally speaking, maybe they are. But depending on your business, it could be the opposite.

If we look at Microsoft’s Skype as an analogy, to protect you from spam, they spy on everyone’s messages. Generally speaking, a DNS server that censors content, more or less, could have its nose in everyone’s business, and that information could be used inappropriately, even with the best intentions.

Which DNS servers are you using now? If you’re using Linux, try nmcli. It’s a “command‐line tool for controlling NetworkManager.”

nmcli dev show|grep DNS

Trying this, I noticed my DNS servers were set to the local ISP, even though I had set my /etc/resolv.conf file a few days ago to use a different DNS service. Opening resolv.conf, sure enough I see the line:

# Generated by NetworkManager
(The wrong servers...)

How did I fix this? I found the answer here.

1. Choose a connection (from the Wired or Wireless tab) and click Edit.
2. Click on the IPv4 Settings tab.
3. Choose ‘Automatic (DHCP) addresses only’ instead of just ‘Automatic (DHCP)’.
4. Enter the DNS servers in the “DNS servers” field, separated by spaces (e.g. for OpenDNS).
5. Click “Apply.”

That worked and my /etc/resolv.conf updated immediately.
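To catch this kind of silent override again, the check below reads a resolv.conf-format file, flags the NetworkManager header, and lists any resolver that is not on your intended list. It is an added example, not part of the original post; the function names are hypothetical and every address is a constructed documentation-range placeholder.

```shell
#!/bin/sh
# Added example. All IP addresses are constructed placeholders (RFC 5737 ranges).

# Print the nameserver addresses found in file $1, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Succeed if file $1 carries NetworkManager's header (hand edits get overwritten).
managed_by_nm() {
    grep -q '^# Generated by NetworkManager' "$1"
}

# Print each nameserver in file $1 that is absent from the space-separated list $2.
unexpected_nameservers() {
    for ns in $(resolv_nameservers "$1"); do
        case " $2 " in
            *" $ns "*) ;;
            *) echo "$ns" ;;
        esac
    done
}

# Report on file $1 against intended list $2; return 0 only if every resolver is intended.
check_dns() {
    bad=$(unexpected_nameservers "$1" "$2")
    if managed_by_nm "$1"; then
        echo "$1 is generated by NetworkManager; hand edits will be overwritten"
    fi
    if [ -z "$(resolv_nameservers "$1")" ]; then
        echo "no nameserver lines found in $1"
        return 1
    fi
    if [ -n "$bad" ]; then
        echo "unexpected resolvers in use: $(echo $bad)"
        return 1
    fi
    echo "all resolvers match the intended list"
}

# Demo on a constructed file that mimics the situation described above.
SAMPLE=$(mktemp)
printf '%s\n' '# Generated by NetworkManager' \
    'nameserver 192.0.2.53' 'nameserver 198.51.100.53' > "$SAMPLE"
check_dns "$SAMPLE" "203.0.113.10 203.0.113.11" || true

# CLI equivalent of the GUI steps above (CONNECTION and addresses are placeholders):
#   nmcli con mod "CONNECTION" ipv4.ignore-auto-dns yes ipv4.dns "203.0.113.10 203.0.113.11"
#   nmcli con up "CONNECTION"
```

For real use, call check_dns with /etc/resolv.conf and your own resolver list. On systems running systemd-resolved, /etc/resolv.conf usually lists only the 127.0.0.53 stub, so point the check at /run/systemd/resolve/resolv.conf instead.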

What DNS servers did I decide to use? I found some recommendations here, and I trust the Arch folks are very smart. Out of that list, I decided to try these: https://www.opennicproject.org/nearest-servers/

Was that helpful? Email pj@pjbrunet.com