My ISP is AT&T (located in the U.S.) and I have issues loading random websites. Currently have Google DNS set in my router, which works great. But I’m guessing there’s a better, more private, option?

  • umami_wasabi
    21 · 4 months ago

    I recently switched to NextDNS. I used to run my own AdGuard Home with multiple DNS providers as upstream.

  • @Darkassassin07@lemmy.ca
    English
    16 · 4 months ago

    Regular DNS can be monitored, intercepted, and modified however your ISP decides, even with you specifying custom DNS servers.

    I run pihole on my LAN, with cloudflared as its upstream DNS. Cloudflared translates regular DNS into DOH using cloudflare and quad9 as the upstream DOH providers (configurable).

    Pihole DOH with cloudflared

    Finally I block all port 53 (dns) traffic at the router so it cannot leave my LAN. All LAN devices that want regular DNS are forced to use the LAN DNS server which wraps their requests in DOH for them. (as well as blocking ads, tracking/telemetry, and known malware sites)

    • @drspod@lemmy.ml
      5 · 4 months ago

      What ISP do you use that makes you trust Cloudflare more than your ISP? You must really be between a rock and a hard place.

      • @Darkassassin07@lemmy.ca
        English
        2 · 4 months ago

        I’m not all that concerned about either tbh; I was just already capturing DNS traffic and funneling it through pihole for the customizable blocking, and figured I may as well add DOH while I’m at it.

        Just sharing the knowledge for those that are interested. You can use any DOH provider you like.
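
The wrapping step described in this sub-thread (a plain DNS query carried inside an HTTPS request), as an added example that is not part of the thread or any participant's code. It follows the RFC 8484 GET form; the function names and the `doh.example` resolver URL are placeholders chosen for illustration.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

def build_query(name: str, qtype: int = 1, qid: int = 0) -> bytes:
    """Build a wire-format DNS query (RFC 1035). qtype 1 = A, 28 = AAAA."""
    # Header: ID (RFC 8484 recommends 0), flags with RD=1, QDCOUNT=1, rest 0.
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    # Root label terminator, then QTYPE and QCLASS=IN (1).
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get_url(resolver: str, wire: bytes) -> str:
    """RFC 8484 GET form: base64url, padding stripped, in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={b64}"

def unwrap(url: str) -> tuple[str, int]:
    """Resolver side: recover (qname, qtype) from a DoH GET URL."""
    b64 = parse_qs(urlsplit(url).query)["dns"][0]
    wire = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while wire[pos]:
        labels.append(wire[pos + 1 : pos + 1 + wire[pos]].decode("ascii"))
        pos += 1 + wire[pos]
    (qtype,) = struct.unpack_from("!H", wire, pos + 1)
    return ".".join(labels), qtype

RESOLVER = "https://doh.example/dns-query"  # placeholder, not a real endpoint

if __name__ == "__main__":
    wire = build_query("www.example.com")
    # On port 53 these bytes travel as-is, so the queried name is readable on the wire.
    print(wire.hex())
    # With DoH the same bytes ride inside the URL of a TLS-protected request.
    print(doh_get_url(RESOLVER, wire))
    print(unwrap(doh_get_url(RESOLVER, wire)))
```

The bytes from `build_query` are what a LAN client sends to the local resolver on port 53; the URL is what the forwarder then sends upstream over HTTPS.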

  • @Xanza@lemm.ee
    English
    3 · 4 months ago (edited)

    Light + TIF      https://sky.rethinkdns.com/1:AAkACAQA
    Normal + TIF     https://sky.rethinkdns.com/1:AAkACAgA
    Pro + TIF        https://sky.rethinkdns.com/1:AAoACBAA
    Pro plus + TIF   https://sky.rethinkdns.com/1:AAoACAgA
    Ultimate + TIF   https://sky.rethinkdns.com/1:gAgACABA

    Light + TIF      https://dns.dnswarden.com/00000000000000000000048
    Normal + TIF     https://dns.dnswarden.com/00000000000000000000028
    Pro + TIF        https://dns.dnswarden.com/00000000000000000000018
    Pro plus + TIF   https://dns.dnswarden.com/0000000000000000000000o
    Ultimate + TIF   https://dns.dnswarden.com/0000000000000000000000804

    Light            https://freedns.controld.com/x-hagezi-light
    Normal           https://freedns.controld.com/x-hagezi-normal
    Pro              https://freedns.controld.com/x-hagezi-pro
    Pro plus         https://freedns.controld.com/x-hagezi-proplus
    Ultimate         https://freedns.controld.com/x-hagezi-ultimate
    TIF              https://freedns.controld.com/x-hagezi-tif
    

    Rethink DNS, DNS Warden, and ControlD with Hagezi blocklists via DoH/3. I highly recommend the ‘+ TIF’ as they are threat intelligence feeds, which are up-to-date lists of bad actors/malware.

  • @const_void@lemmy.ml
    3 · 4 months ago

    NextDNS has the ability to change the logging region to one that’s outside your government’s jurisdiction.

  • @carl_dungeon@lemmy.world
    English
    2 · 4 months ago

    I use the cloudflare dns, but there are all kinds of adguard ones too. The Adguard app itself has a big list of options for the fallback.

    If you’ve never used adguard, check it out: it can run as a container or on a pi; you just point your router dns at it.

  • @drspod@lemmy.ml
    2 · 4 months ago

    In regards to all the answers in this thread, consider: If you’re not paying for it with money, then what are you paying for it with?

    The most private DNS is a recursive resolver.