DNS & Browser question

[msigaming]

Hi there.

As suggested to me in another topic, I was using Control D DNS and it works great but the problem is that it blocks some websites for example Statcounter (OS Market Share) and other sites that aren't malicious. So I've switched to Cloudflare DNS and now those certain websites work. Before I've used DNS everything was slow on Firefox but not on Chrome/Chromium based browsers. Don't know why.

Anyways, I'm on Linux Mint with Chrome Browser and Cloudflare DNS. I've switched to Chrome as Firefox has this playback stutter-like issue until I rewind a video and forward it a couple a seconds and then it gets "stabilized" "fluent".

My question is, how safe are DNS servers, and which ones are you using that you can recommend me that don't block non-malicious sites? Don't get me wrong, Control D is great but when I want to access some sites they can get blocked even tho they aren't malicious.

[nachlese]

...
My question is, how safe are DNS servers, and which ones are you using that you can recommend me that don't block non-malicious sites? Don't get me wrong, Control D is great but when I want to access some sites they can get blocked even tho they aren't malicious.

What are non-malicious sites?
Likely the vast majority.
So:
who decides if a site is malicious?
... the DNS provider - who can implement filtering and blocking rules.

I prefer to use servers that don't block anything - I'd like to decide for myself which sites I can visit and which I don't want to see.
... google (8.8.8.8 and 8.8.4.4) and cloudflare (1.1.1.1 and one or two other IP's) and another large one who's name escapes me at the moment.

I tend to choose based upon speed/response time - but that's not so important if you have a DNS cache like dnsmasq running.

I don't know Control D - I didn't even look it up.
I will not even consider using a filtering/blocking DNS server
whatever virtuous goal they might have.

[Midnight True]

I was using Control D DNS and it works great but the problem is that it blocks some websites for example Statcounter (OS Market Share) and other sites that aren't malicious. So I've switched to Cloudflare DNS and now those certain websites work.

To my knowledge control D has several filters on their free tier, if you use 76.76.2.2 it uses filters which blocks malware and trackers. If you want to use unfiltered one, you can try 76.76.2.0 ... for more info please check this out https://controld.com/free-dns?

Before I've used DNS everything was slow on Firefox but not on Chrome/Chromium based browsers. Don't know why.

Firefox has a lot of customization, if you enable some privacy and security features it will indeed provide such feature on your system but at expense of speed. For example, if you are using Ublock origin and enable Disable pre-fetching (to prevent any connection for blocked network requests) this will block all prefetching and all sites will only load if you click on them. If you want to make firefox a little faster yet with decent privacy and security, i recommend to check this out plus fastfox.js https://github.com/yokoffing/Betterfox

My question is, how safe are DNS servers, and which ones are you using that you can recommend me that don't block non-malicious sites?

DNS severs are safe, the main issue is privacy, some DNS servers are required by law of the country they are registered with to share the data going in there serves if the government required told them to do so. Some share on 3rd party the data for monetary purposes. To my knowledge, the safest DNS are the one you paid with especially if it is by your VPN, because you are paying they will give you their best service with in the contract term, so better understand their privacy policy.
Regarding the free tier please check out the following sites for more info https://avoidthehack.com/best-dns-privacy and https://www.privacyguides.org/en/dns/

To my experience, the fastest DNS are https://adguard-dns.io/en/blog/adguard- ... esses.html unfortunately the free version has monthly limit and https://cleanbrowsing.org/filters/ ... please note that some offers filtering by default, this is essential to speed up your internet as the filtered domains are blocked on the dns resolver and thus not transmitted to your system

[t42]

To my experience, the fastest DNS are https://adguard-dns.io/...

Not for me, using DNS over TLS I have query time from AdGuard unfiltered DNS server about 25 time slower than from Google DNS server and about 8 times slower than Cloudflare DNS.

[TheyLive]

Uncensored version
https://controld.com/free-dns?freeResol ... lpPane=dns

[msigaming]

Ah, thanks for replies! Yeah I had edited settings in about:config in Firefox and had Ublock Origin with Privacy Badger and Decentraleeyes and Strict settings enabled too. Thanks for those DNS ips I didn't know they had other uncensored too.

[Midnight True]

Privacy Badger and Decentraleeyes

If i may suggest, i recommend removing these add-ons because you no longer need them especially Decentraleyes as it is no longer updated. You can try LocalCDN instead but to my experience it causes some issue when rendering some fonts on some sites so i ditch it too.

Aside from Ublock Origin, I personally use https://addons.mozilla.org/en-US/firefo ... /noscript/, https://addons.mozilla.org/en-US/firefo ... clearurls/ (Anti-URL tracking also enabling E-tag Filters is a must) and https://addons.mozilla.org/en-US/firefo ... -redirect/ (anti-website redirection) but if you do not want to complicate things you can skip NoScript and just use ublock Origin on Medium mode

[TheyLive]

I turned on DNS forwarding in Ubiquiti router = router is DNS server now.
I have cheap router with small memory therefore I limit DNS storage size to 1000 records (I play with it setting now).
Control D seems to working fine.

https://help.ui.com/hc/en-us/articles/1 ... nd-Options

Code: Select all

 show dns forwarding statistics
----------------
Cache statistics
----------------
Cache size: 500
Queries forwarded: 5419
Queries answered locally: 3826
Total DNS entries inserted into cache: 11702
DNS entries removed from cache before expiry: 163

---------------------
Nameserver statistics
---------------------
Server: 76.76.10.5
Queries sent: 3328
Queries retried or failed: 3

Server: 76.76.2.5
Queries sent: 3266
Queries retried or failed: 5

p.s.
Verify Control D

[majpooper]

I have been using my own pihole DNS server for years - and it is too easy to set up.

It is fine to decide which sites you want to visit and which you don't but the reality is you really have no idea what extraneous domains are being loaded in the back ground. The example pihole gives is:

most Websites are complex and actually load files, images, and videos from other places
so even though you only wanted to visit macworld.com, in the background, your computer is also asking a server where to find other domains like doubleclick.com, b.scorecardresearch.com, or images.techhive.com
often, these other domains are services used to display ads when you visit the webpage
so when you visit macworld.com, your computer is actually also visiting several other domains and downloading information from all of them

You can see what pihole is blocking and if you really want images.techhive.com, for example, to be loaded when you you go to macworld.com or anywhere esle then you can whitelist it.

The other benefit of pihole is because it is your DNS server and it blocks the these other domains before they are even loaded your browser is faster. Browser plug-in add blockers still allow the adds to be loaded they just hide them - again with pihole they are not downloaded in the first place.

[jackkileen]

I've been using Stubby and DNS over TLS for about a year now and all of those browsers work fine for the most part. Once in awhile, a Site may not open or load in one browser (usually FF) and have to open it in another browser.
I also use VPN's so they may cause problems on some Sites.

I have been using my own pihole DNS server for years - and it is too easy to set up.

Thx, going to check that out!

[t42]

I've been using Stubby and DNS over TLS for about a year now

I posted similar tutorial two years ago with addition of integrating dnsmasq and stubby . Also, regretfully, LinuxBabe in their popular tutorial failed to mention important stubby feature, round robin and upstream recursive servers set up.

[jackkileen]

I posted similar tutorial two years ago with addition of integrating dnsmasq and stubby . Also, regretfully, LinuxBabe in their popular tutorial failed to mention important stubby feature, round robin and upstream recursive servers set up.

I missed that last year when I was searching through the board, thx!