I'm using a Pi-hole for blocklists/filtering etc. and OpenDNS as upstream because it offers DNSSEC. The Pi-hole setup is really easy. The website offers an easy-to-follow guide. You don't need a Raspberry Pi; you can run it on any server or even in a container (e.g. Docker). But what I think is equally important is having that DNS server enforced via DHCP, so that every device in your network gets the treatment. For some Google devices you need to set static routes from Google DNS addresses to your DNS address. And with Pi-hole you can set specific block/allow profiles for different devices. My GF's phone is the only device with (restricted) Facebook access 😅
Besides NextDNS, Quad9 is now fine too as they moved to Switzerland.
I am using the DNS server of my VPN provider in combination with AdGuard in Docker.
Hi guys! 👋
I usually behave like a 'smart guy' and answer questions in other discussions, but I decided to create one myself. 😉
I'm curious which DNS providers you use, because I've been looking into the topic lately and cannot make up my mind which option is the best.
Cloudflare (1.1.1.1) looks nice, because it's the fastest available, BUT...
they don't block ads or trackers and are a US-based company (and their CEO had some connections with the Department of Homeland Security!)
If you want something more private, then there is Quad9 (which recently moved to Switzerland), but they only block malicious domains and have (in my case) 6x worse performance than Cloudflare.
Other alternatives I would consider are NextDNS and AdGuard.
They block ads and trackers, offer pretty similar performance (in my case) being about 3x slower than Cloudflare with some significant differences:
As you probably noticed by now I'm deliberating between NextDNS and AdGuard and I'm curious if anyone here uses them and could say something about reliability/uptime/etc.
As for now I'm just using 1.1.1.1 and looking for an alternative...
UPDATE: Thank you all for your answers. I decided to give AdGuard a try. If I have a bad experience with them, I will keep you guys updated. 👍
UPDATE (04/14/2021): Today my "custom written" DNS over TLS .mobileconfig stopped working properly on my Mac and I had to switch to AdGuard's signed DNS over HTTPS profile... it's not a network issue on my end, because Android's native DoT implementation works just fine. I'm really puzzled and will dig into this issue in the near future. 😉
UPDATE (04/18/2021): Today DoT worked fine... just to stop resolving some sites again... I couldn't identify anything odd using Wireshark. Performance difference between DoT and DoH is practically negligible, but in theory DoT should be slightly faster (1) (2). Also, when using DoH, you need to be more cautious about your client's implementation as it could be 'leaking' your user-agent to the DNS server.
I would say that you probably would be better off just using DoH (at least on macOS; yet again I will emphasize that DoT on Android works correctly). And also, other DoT profiles seem to work correctly. Why, when using AdGuard, it happens only on some sites (only on Mac and only when using DoT) remains a mystery to me. Apart from that, I didn't encounter ANY downtime and I can wholeheartedly recommend AdGuard DNS 👍
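
The DoH user-agent caveat from the 04/18/2021 update, as an added example that is not part of the original post: it builds an RFC 8484 GET request in HTTP/1.1 form carrying only the headers DoH needs, and audits a raw request for headers that could identify the client. The host `doh.example`, the path `/dns-query`, the sample request and the `IDENTIFYING` header list are assumptions made for illustration.

```python
import base64
import struct

# Assumption: headers treated as identifying here; an illustrative list, not a standard.
IDENTIFYING = {"user-agent", "cookie", "accept-language", "referer", "authorization"}

def build_dns_query(name, qtype=1):
    """Wire-format DNS query (RFC 1035); ID 0 as RFC 8484 recommends for DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_request(host, path, name):
    """Raw HTTP/1.1 GET for DoH with no User-Agent or other optional headers."""
    # RFC 8484: the query is base64url-encoded with the padding removed.
    dns_param = base64.urlsafe_b64encode(build_dns_query(name)).rstrip(b"=").decode()
    lines = [
        f"GET {path}?dns={dns_param} HTTP/1.1",
        f"Host: {host}",
        "Accept: application/dns-message",
        "Connection: close",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")

def identifying_headers(raw_request):
    """Return the identifying header names present in a raw HTTP/1.1 request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("ascii")
    names = [line.split(":", 1)[0].strip().lower() for line in head.split("\r\n")[1:]]
    return sorted(n for n in names if n in IDENTIFYING)

# Constructed sample of a client that adds its User-Agent to the DoH request.
LEAKY = (
    b"GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1\r\n"
    b"Host: doh.example\r\n"
    b"Accept: application/dns-message\r\n"
    b"User-Agent: ExampleBrowser/1.0 (Macintosh)\r\n\r\n"
)

if __name__ == "__main__":
    minimal = doh_get_request("doh.example", "/dns-query", "www.example.com")
    print(minimal.decode("ascii"))
    print("minimal request:", identifying_headers(minimal))
    print("leaky request:  ", identifying_headers(LEAKY))
```

DoT carries only the DNS message over TLS, so there is no header layer to audit; the check applies to DoH clients.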