Which DNS is?

Which DNS is IQfy using? Are you using your IPS default, or a specific one that "respects your privacy"?

https://torrentfreak.com/google-cloudflare-cisco-will-poison-dns-to-stop-piracy-block-circumvention-240613/

Mike Stoklasa's Worst Fan Shirt $21.68

It's All Fucked Shirt $22.14

Mike Stoklasa's Worst Fan Shirt $21.68

  1. 4 weeks ago
    Anonymous

    The one that the rest of the world uses, controlled by the root servers

    • 4 weeks ago
      Anonymous

      holy fricking fpbp yet nobody here catched his point

      • 4 weeks ago
        Anonymous

        Explain it to me like I drive by myself with a mask on. Is his point that he hosts a DNS server himself?

        • 4 weeks ago
          Anonymous
    • 4 weeks ago
      Anonymous

      fpbp /thread
      everything else glows brighter than a billion galaxies

    • 4 weeks ago
      Anonymous

      qrd? explain it to me as if I'm moronic, even if it's a joke

  2. 4 weeks ago
    Anonymous

    Unbound on my router talks to the root servers. Pre-caches hints, root zone and queries / caches about 500 domains hourly. I disable / block DoH on my network.
    >inb4 but but but its port 443

    • 4 weeks ago
      Anonymous

      I still do not know how Unbound works and I am technically using it on my Raspberry Pi as the DNS for pihole. Thus it is one of those things that I am using but have 0 fricking clue how it works.

      • 4 weeks ago
        Anonymous

        you are just using unbound as a stub resolver.
        google is likely your actual resolver.
        https://docs.pi-hole.net/guides/dns/upstream-dns-providers/

        • 4 weeks ago
          Anonymous

          if i had 2 brain cells, i would probably have known it. Thank you for the info.

        • 4 weeks ago
          Anonymous

          if i had 2 brain cells, i would probably have known it. Thank you for the info.

          this is wrong. unbound doen't use another resolver. it IS a DNS.
          https://docs.pi-hole.net/guides/dns/unbound/

          • 4 weeks ago
            Anonymous
    • 4 weeks ago
      Anonymous

      mullvad dns on the go and unbound at home

      >unbound
      eternal morons in every fricking DNS thread, unbound still resolves from somewhere upstream, it doesn't just magically know
      unbound is not your DNS
      god damn it why do these tech illiterates post here

      • 4 weeks ago
        Anonymous

        >god damn it why do these tech illiterates post here
        never reply to them. they're not worth your time.

      • 4 weeks ago
        Anonymous

        >unbound is not your DNS
        What are you on about? Unbound IS his DNS if it's in resolver mode and not forwarding mode. If it's in resolver mode, it replaces any ISP or Google/CloudFlare namesever as his DNS. It then does the same thing those nameservers do but without their filtering: contact root servers and other authoritative name servers directly. His DNS is whatever performs general recursive resolution (vs. a stub resolver in libc or a DNS forwarder), and this will be Unbound if it's in resolver mode.

        • 4 weeks ago
          Anonymous

          if the court orders your isp to block those sites, why would your isp allow dns requests to the authoritative name server of those sites?

          • 4 weeks ago
            Anonymous

            also most of those pirate sites use cloudflare as their nameserver. cloudflare won't protect your site if you don't use them as your nameserver.
            those sites are dead without ddos protection. dns block or not.

          • 4 weeks ago
            Anonymous

            that court order already was executed but is geo-fenced to France
            # dig footybite.cc @8.8.8.8

            ; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> footybite.cc
            @8.8.8.8
            ;; global options: +cmd
            ;; Got answer:
            ;; -<<- opcode: QUERY, status: REFUSED, id: 14528
            ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
            ADDITIONAL: 1

            ;; OPT PSEUDOSECTION:
            ; EDNS: version: 0, flags:; udp: 512
            ; EDE: 16 (Censored): (The requested domain is on a court
            ordered copyright piracy blocklist for FR (ISO country
            code). To learn more about this specific removal, please
            visit https://lumendatabase.org/notices/41606068.)
            ;; QUESTION SECTION:
            ;footybite.cc. IN A

            ;; Query time: 7 msec
            ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
            ;; WHEN: Sun Jun 16 19:24:29 CEST 2024
            ;; MSG SIZE rcvd: 243

            so cloudflare's dns resolver has to block the site now but cloudflare is still free to serve as the site's dns nameserver.
            incompetent court.

          • 4 weeks ago
            Anonymous

            >if the court orders your isp to block those sites, why would your isp allow dns requests to the authoritative name server of those sites?
            After the New Zealand shooting, when some ISPs went nanny mode and started temporarily blocking chan sites, there were two different ways they did it:
            1. Poison their own nameservers. This was easily bypassed by changing one's DNS to Google (8.8.8.8) or CloudFlare (1.1.1.1) or setting up one's own private nameserver like Unbound bro is doing. This poisoning is what this thread is about, except now Google and CloudFlare themselves may be required to do it. Unbound bro will still be fine.
            2. Filtering the sites at the IP level with a null route so that even if you manage to resolve the hostnames into a correct IP address somehow using a different DNS or your own private DNS, the traffic is still blocked. This will kill both those using Google/CloudFlare and also Unbound bro. He'd have to route his traffic through Tor, a proxy, a VPN, or something like that, preferably his own private OpenVPN instance in external IP space.

            ISPs can try your way and sniff all levels of cleartext DNS traffic for interception, which would affect Unbound bro, but they'd probably prefer option 2 so they can catch all the Google/CloudFlare DoH users too.

          • 4 weeks ago
            Anonymous

            >2. Filtering the sites at the IP level
            australian here. that NEVER happened. they only poisoned DNS and all the dumbfrick monkeys that had no idea what a dns was learned a new thing that day.
            >ISPs can try your way and sniff all levels of cleartext DNS traffic for interception
            good luck with "sniffing" encrypted dns. you don't really understand how useless and powerless internet providers actually are in australia and new zealand.
            >Google/CloudFlare DoH
            lmao. i really love you morons on this board. you always shill the most compromised cancer imaginable and you think you're geniuses. use dnscrypt or frick off with your lame as frick DoH joke.

      • 4 weeks ago
        Anonymous

        glow Black person hands wrote this. Unbound literally caches all the websites you visit locally on your machine at no point does it ask any other services for anything

        • 4 weeks ago
          Anonymous

          forward-zone:
          name: "."
          forward-addr: 8.8.8.8
          forward-addr: 8.8.4.4

          guess what this does

          • 4 weeks ago
            Anonymous

            no, you guess what this does

          • 4 weeks ago
            Anonymous

            it merely tells me that you use some kind of local dns resolver. likely just a stub resolver if configured like

            forward-zone:
            name: "."
            forward-addr: 8.8.8.8
            forward-addr: 8.8.4.4

            guess what this does

          • 4 weeks ago
            Anonymous

            are you Black folk pretending to be moronic? There are some paranoid anons here that don't use any DNS services at all by storing a few sites they use locally. You don't need a third party or your own DNS to browse web, holy shit the state of IQfy

          • 4 weeks ago
            Anonymous

            https://wiki.archlinux.org/title/Unbound#Forwarding_queries

          • 4 weeks ago
            Anonymous

            read

            >unbound is not your DNS
            What are you on about? Unbound IS his DNS if it's in resolver mode and not forwarding mode. If it's in resolver mode, it replaces any ISP or Google/CloudFlare namesever as his DNS. It then does the same thing those nameservers do but without their filtering: contact root servers and other authoritative name servers directly. His DNS is whatever performs general recursive resolution (vs. a stub resolver in libc or a DNS forwarder), and this will be Unbound if it's in resolver mode.

            >Unbound IS his DNS if it's in resolver mode and NOT forwarding mode

          • 4 weeks ago
            Anonymous

            >127.0.0.1#5335

        • 4 weeks ago
          Anonymous

          also that's why if you use your own DNS, initially opening a new site will be slower than using israelitegle or mosadflare. Your server has to find the web location by itself and store it for the next time.

          • 4 weeks ago
            Anonymous

            >initially opening
            >store it for the next time
            that's not how dns caching works.
            the default ttl for an authoritative nameserver is like 300 seconds. you can't cache shit.

          • 4 weeks ago
            Anonymous

            it stores the address until it doesn't work then it looks up where it's at again

          • 4 weeks ago
            Anonymous

            that's not how dns is supposed to work. using stale records and visiting old ip addresses is a security hole .

          • 4 weeks ago
            Anonymous

            I bet unbound has it's own system to do it safely but they nice change of topic homosexual

          • 4 weeks ago
            Anonymous

            there's no way to do it safely and serving stale records is off by default in unbound. you can at most serve a record that's stale for 3 days.
            https://man.archlinux.org/man/unbound.conf.5#serve

          • 4 weeks ago
            Anonymous

            all I see is some goal post moving homosexual at this point

          • 4 weeks ago
            Anonymous

            then show proof that using your own recrusive dns resolver would help in OPs case.
            looking at

            DoH literally was mentioned.
            root, tld, name servers talk only cleartext DNS, not DoH.
            DoH is something for recursive DNS resolver only.

            , a French ISP could just alter your DNS query since those are cleartext, or the French court could have ordered Cloudflare to not just filter their resolver but also their nameservers.

          • 4 weeks ago
            Anonymous

            how the frick should I know what french government has planned? will they publish documentation on how they will frick you over? if all those israelitecorp DNS servers are going to refuse to serve you IPs of nono sites then using your own DNS server is the best next move. I highly highly doubt your ISP will be able to block your server because that means monitoring every little fricking move and if by some glow Black person magic they manage to do it, I bet some third party forums or sites will give you a curated list of pirate websites you can access directly.

          • 4 weeks ago
            Anonymous

            remember why we do DNS over HTTPS?
            it's trivial for an ISP to just block all DNS queries. you won't be able to run your own recursive DNS resolver.

          • 4 weeks ago
            Anonymous

            we will see won't we? All this fear mongering is bad for your health

          • 4 weeks ago
            Anonymous

            you claimed
            >I highly highly doubt your ISP will be able to block your server because that means monitoring every little fricking move and if by some glow Black person magic they manage to do it
            which is just wrong.
            you don't need to do deep packet inspection to filter dns queries.
            a isp can just block port 53 and there won't be any dns queries. alternatively a isp could blackhole the dns root servers. ...

          • 4 weeks ago
            Anonymous

            >boohooo frog munchers are going to monitor ur shit maaaan better bend over and accept it dude! no way out they backdoor ur shit brew!
            Now you are trying to sound like some 1337 hacker

          • 4 weeks ago
            Anonymous

            we will see won't we? All this fear mongering is bad for your health

            it will be funny if in the end all they going to do is force corpo DNS servers to block some sites and leave it at that. Knowing how those fricks work even that will be a big feat.

          • 4 weeks ago
            Anonymous

            those pirate stream sites are run for-profit and rely on ad revenue.
            cutting their reach to only technical users that use their own dns resolver and thus also likely ad blockers will kill them.

          • 4 weeks ago
            Anonymous

            it's not like those sites are going to stick around, they change ips and domains like socks. If anything it will be expensive to keep up with the blacklist just because some frog eaters demand it. What people should truly fear is not some pirate sites being blocked but a europe/usa wide ISP whitelist enforced by law, now that's something to think about.

          • 4 weeks ago
            Anonymous

            Germany has been doing that for literal decades by now and the same streaming services are not just still around they're still the first fricking result on Google.
            Hell kinox, one of the larger ones, even got vanned 10 years ago and it's still operating today kek
            They want you to believe they're all powerful and it's all over but if that was the case this constant propaganda wouldn't be necessary.

      • 4 weeks ago
        Anonymous

        How much crack are you smoking? There is one single domain name system (DNS).

  3. 4 weeks ago
    Anonymous

    Quad9 on my router and then adguard on my devices. I want a reliable DNS available just in case adguard goes down, which does happen from time to time.

    • 4 weeks ago
      Anonymous

      https://controld.com/free-dns

      • 4 weeks ago
        Anonymous

        I’m actually using ControlD on my phone because it’s more aggressive with adblocking but it does feel slower than AdGuard.

        • 4 weeks ago
          Anonymous

          https://dnsspeedtest.online/

          I take security over speed but to each his own

          • 4 weeks ago
            Anonymous

            Same. I'd use the slowest DNS if it means it's not owned by a greedy israelite.

          • 4 weeks ago
            Anonymous

            who's the owner of controld?
            can't even find an address of that shell company.

            $ whois controld.com

            ...
            Registry Registrant ID:
            Registrant Name: Redacted for Privacy
            Registrant Organization: Privacy service provided by Withheld for Privacy ehf
            Registrant Street: Kalkofnsvegur 2
            Registrant City: Reykjavik
            Registrant State/Province: Capital Region
            Registrant Postal Code: 101
            Registrant Country: IS
            Registrant Phone: +354.4212434
            Registrant Phone Ext:
            Registrant Fax:
            Registrant Fax Ext:
            Registrant Email: [email protected]
            ...

          • 4 weeks ago
            Anonymous

            From LinkedIn

          • 4 weeks ago
            Anonymous

            >Windscribe
            so this is those vpn scammers next racket

          • 4 weeks ago
            Anonymous

            Dress up like a troony and stalk them, it would be hilarious

          • 4 weeks ago
            Anonymous

            what's with windscribe?

          • 4 weeks ago
            Anonymous

            https://gergelykalman.com/why-you-shouldnt-use-a-commercial-vpn-amateur-hour-with-windscribe.html

          • 4 weeks ago
            Anonymous

            colossal if substantiated

          • 4 weeks ago
            Anonymous

            not really
            i mean it would be great if the vpn provider apps were good, but as it stands only mouthbreathing morons use it over config file with wireguard/openvpn

    • 4 weeks ago
      Anonymous

      Quad9

      Quad9

      enjoy your uk police botnet

      • 4 weeks ago
        Anonymous

        >source: dude, trust me bro

        • 4 weeks ago
          Anonymous

          read the archives new friend

          • 4 weeks ago
            Anonymous

            I've been here longer than you newbie. The "London police" meme is 100% FUD.

          • 4 weeks ago
            Anonymous

            You're a massive poser

          • 4 weeks ago
            Anonymous

            see:

            > quad9
            > founded by police
            [...]
            source: quad9's own website that apparently nobody ever bothered to read. nice work, dunning kruger bro.

            it's completely legit, glowBlack person policeman. quad9 only exists because of law enforcement.

          • 4 weeks ago
            Anonymous

            Your screenshot proves jackshit other than your own mental moronation. Quad9 has a strict no-logs policy. Burden of proof is on you to show they have broken that policy (you won't because you have no proof).

          • 4 weeks ago
            Anonymous

            > some ramblings about no logs
            literally founded by police. logging or not it changes nothing. you're using a glowBlack person service.

            https://globalcyberalliance.org/quad9/
            https://globalcyberalliance.org/our-history/
            here's the links to their website. are you suggesting the people behind this organization are making up their own history? lmao.
            >The Global Cyber Alliance is founded as a nonprofit by a partnership of law enforcement and research organizations
            who is having the mental break down? it isn't anons here on this board. when is the livestream suicide planned for, glowBlack person shill?

          • 4 weeks ago
            Anonymous

            >who is having the mental break down
            you are, take your meds
            https://www.quad9.net/privacy/compliance-and-applicable-law/

          • 4 weeks ago
            Anonymous

            > gets told it's run by police
            > NO IT'S NOT
            > proof is provided
            > NOOO I MEAN LOGGING!11
            > proceeds to deny it's run by police
            when is the livestream suicide planned for?

          • 4 weeks ago
            Anonymous

            Learn some basic logic. Nothing in your screenshot proves that Cyber Alliance runs Quad9. Do you even know how a fricking company works? It's literally 3 degrees of separation. You're making a connection between the London Metro police who has a relationship with GCA who then has a relationship with Quad9. This is fricking grasping at straws and you fricking know it.

          • 4 weeks ago
            Anonymous

            you are severely mentally ill anon

            > Nothing in your screenshot proves that Cyber Alliance runs Quad9
            > "GCA partnered with IBM and Packet Clearing House (PCH) to solve this problem. Both IBM and PCH share GCA’s goal to keep as many people on the Internet as safe as possible against malicious websites, phishing sites, or other malicious activity. Security, privacy, and performance drove the entities to develop the Quad9 DNS service."
            lmao. i can't ever imagine being this fricking moronic, shilling a service run by police and continually denying any association with police despite what their website says.

            you are severely mentally ill anon

            the only mentally ill people here are coping pedophile police men trying to do damage control for their honeypot for moronic coons. will you be livestreaming your suicide now or do we have to wait for more cope posts?

          • 4 weeks ago
            Anonymous

            >Nothing in your screenshot proves that Cyber Alliance runs Quad9.
            NTA, but he already linked the evidence in his previous post. I will spoonfeed you the link again so you don't have to scroll up:
            https://globalcyberalliance.org/quad9/

            On the page, it says:
            >GCA partnered with IBM and Packet Clearing House (PCH) to solve this problem.
            >Security, privacy, and performance drove the entities to develop the Quad9 DNS service.

            So by this logic, since Microsoft has partnered with IBM, and IBM contributed to Quad9, just like GCA, therefore, Microsoft runs Quad9.

            itt. glowies defending their honeypot dns quad9

            Let me know when you have some evidence champ.

          • 4 weeks ago
            Anonymous

            > mind: broken
            so far the pedophile police man has gone from:
            > no! it's not created by police
            to
            > nooo! i mean logging!
            to
            > by that logic
            https://globalcyberalliance.org/our-history/
            >The Global Cyber Alliance is founded as a nonprofit by a partnership of law enforcement and research organizations
            absolutely mind broken: the pedophile policeman.

          • 4 weeks ago
            Anonymous

            It wasn't "created by the police" you fricking moron. GCA was a contributing partner, they didn't create it, nor are they a law enforcement agency, they are not the fricking police.

          • 4 weeks ago
            Anonymous

            MIND BROKEN PEDOPHILE PIGGY

          • 4 weeks ago
            Anonymous

            [...]

            Watching a mental breakdown like this literally convinces me to use a service I wouldn't otherwise have been interested in simply because the person attacking it is so woefully inept he's done nothing but make his "side" look uncredible and psychopathic.

          • 4 weeks ago
            Anonymous

            >Nothing in your screenshot proves that Cyber Alliance runs Quad9.
            NTA, but he already linked the evidence in his previous post. I will spoonfeed you the link again so you don't have to scroll up:
            https://globalcyberalliance.org/quad9/

            On the page, it says:
            >GCA partnered with IBM and Packet Clearing House (PCH) to solve this problem.
            >Security, privacy, and performance drove the entities to develop the Quad9 DNS service.

          • 4 weeks ago
            Anonymous

            you are severely mentally ill anon

          • 4 weeks ago
            Anonymous

            You are severely moronic and gay
            Everyone loves dead cops

          • 4 weeks ago
            Anonymous

            Do you cum when your dad fists you?

          • 4 weeks ago
            Anonymous

            [...]

            >The City of London Police
            So do they host secret DNS servers where you can resolve the website that lets you book a trip to Epstein island?

          • 4 weeks ago
            Anonymous

            [...]
            https://globalcyberalliance.org/quad9/
            >>The Global Cyber Alliance is founded as a nonprofit by a partnership of law enforcement and research organizations
            > b.but.the swiss!
            changes nothing. doesn't change it's history, doesn't remove its founders from its history. law enforcement created quad9 alongside ibm and others. it's literally ran by police. no matter how hard you seethe it changes nothing. anons here were right to dunk on you. you're literally a glowBlack person doing damage control for a compromised dns.

            take your fricking meds schizo anon

          • 4 weeks ago
            Anonymous

            >yeah bro, it's just some silly old British tradition, nothing more!
            https://en.wikipedia.org/wiki/City_of_London#Economy

          • 4 weeks ago
            Anonymous

            [...]
            > pedophile police man is mad
            >https://globalcyberalliance.org/quad9/
            >>The Global Cyber Alliance is founded as a nonprofit by a partnership of law enforcement and research organizations
            truly amazing work. i'll just disconnect from my secure and encrypted dns and setup a dns founded by police. brb.

            what we are witnessing here is advanced mental illness

          • 4 weeks ago
            Anonymous

            >The Global Cyber Alliance is founded as a nonprofit by a partnership of law enforcement and research organizations
            no thanks, pedophile police officer. not using your compromised dns that has a tonne of evidence to support the claim. not enough medication in the world to cure your schizophrenia and pedophilia.

          • 4 weeks ago
            Anonymous

            That's right
            The Franklin cover up investigator died in a plane crash by chance
            The Satanic panic was the result of cops asking kids leading questions, not the work of a former FBI station chief Ted Gunderson
            Epstein was just swap gas
            Iraq had WMDs
            Trans women are women

          • 4 weeks ago
            Anonymous

            Pedo Piggy is Projecting

        • 4 weeks ago
          Anonymous

          > quad9
          > founded by police

          I'm currently using dns.watch but I'm planning to switch to a recursive resolver when I have time.

          source: quad9's own website that apparently nobody ever bothered to read. nice work, dunning kruger bro.

  4. 4 weeks ago
    Anonymous

    mullvad dns on the go and unbound at home

  5. 4 weeks ago
    Anonymous

    I'm currently using dns.watch but I'm planning to switch to a recursive resolver when I have time.

  6. 4 weeks ago
    Anonymous

    Quad9

  7. 4 weeks ago
    Anonymous

    I use my own dns lmao idgaf.

    • 4 weeks ago
      Anonymous

      >idgaf
      it's trivial for an ISP to see your dns queries.
      French ISPs will just hijack your queries to the authoritative nameserver.

      meanwhile your ISP can't MiTM your DoH requests to some third-party resolver.

      • 4 weeks ago
        Anonymous

        Ever heard of DNS over Https?

        • 4 weeks ago
          Anonymous

          DoH literally was mentioned.
          root, tld, name servers talk only cleartext DNS, not DoH.
          DoH is something for recursive DNS resolver only.

      • 4 weeks ago
        Anonymous

        I use dns over tls try again.

      • 4 weeks ago
        Anonymous

        isn't this literally the usecase for dnssec?

        • 4 weeks ago
          Anonymous

          no, dnssec signs the zone -- not the queries.
          so you mitm the query and strip dnssec.

  8. 4 weeks ago
    Anonymous

    Quad9

  9. 4 weeks ago
    Anonymous

    I mix it up a bit, depending on the device. Rethink, ControlD, DNS Warden, and AdGuard are all good choices for secure DNS. When I have no need for secure DNS, I'll generally use OpenNIC or OpenDNS.

  10. 4 weeks ago
    Anonymous

    >dnscrypt-proxy with nologging non-corporate dns servers

  11. 4 weeks ago
    Anonymous

    i use this

    curl -H "accept: application/dns-json" https://cloudflare-dns.com/dns-query?name=IQfy&type=A

  12. 4 weeks ago
    Anonymous

    >https://torrentfreak.com/google-cloudflare-cisco-will-poison-dns-to-stop-piracy-block-circumvention-240613/
    wouldn't those dns providers implement those blocks only for France?

    $ dig +short footybite.cc @8.8.8.8
    172.67.214.140
    104.21.61.207

    still works

    • 4 weeks ago
      Anonymous

      yes (for now)

    • 4 weeks ago
      Anonymous

      that court order already was executed but is geo-fenced to France
      # dig footybite.cc @8.8.8.8

      ; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> footybite.cc
      @8.8.8.8
      ;; global options: +cmd
      ;; Got answer:
      ;; -<<- opcode: QUERY, status: REFUSED, id: 14528
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
      ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 512
      ; EDE: 16 (Censored): (The requested domain is on a court
      ordered copyright piracy blocklist for FR (ISO country
      code). To learn more about this specific removal, please
      visit https://lumendatabase.org/notices/41606068.)
      ;; QUESTION SECTION:
      ;footybite.cc. IN A

      ;; Query time: 7 msec
      ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
      ;; WHEN: Sun Jun 16 19:24:29 CEST 2024
      ;; MSG SIZE rcvd: 243

      • 4 weeks ago
        Anonymous

        >status: REFUSED
        >EDE: 16 (Censored): (The requested domain is on a court
        > ordered copyright piracy blocklist for FR (ISO country
        > code). To learn more about this specific removal, please
        > visit https://lumendatabase.org/notices/41606068.)
        does that really count as poisoning dns? that response isn't wrong.
        more an ux issue that your browser won't tell you that response and just not work.

      • 4 weeks ago
        Anonymous

        does this prevent a recursive resolver from using another server that isn't complying?
        seems like a meme to actually try and block shit at a DNS level.

        • 4 weeks ago
          Anonymous

          a recursive resolver wouldn't query another recursive resolver.
          dns works like this

          DoH literally was mentioned.
          root, tld, name servers talk only cleartext DNS, not DoH.
          DoH is something for recursive DNS resolver only.

          assuming you meant a stub dns resolver like systemd-resolved, systemd-resolved will try another recursive dns server if the first one refused to answer.

      • 4 weeks ago
        Anonymous

        It's been like this in Australia for years.
        Be careful, it might be fricking up search engines here. That's the REAL goal here.

        They want to disrupt search engines and make everything slower and harder to do. Overadaptation.

        • 4 weeks ago
          Anonymous

          >It's been like this in Australia for years.
          No Australia is limited to ISPs public DNS is a free for all. France is going after public DNS that's the whole point you big moron.

  13. 4 weeks ago
    Anonymous

    >will poison DNS
    Question anons. I don't pirate anything, but I use PiHole. Will this impact my Pihole's ability to adblock?

    • 4 weeks ago
      Anonymous

      no, not resolving some non-ad domains won't affect you

      • 4 weeks ago
        Anonymous

        Thanks, wanted to know if this change had more reach than the article implied, but my true understanding of the interworkings of DNS resolution beyond my router is limited to very summarized knowledge. I can only repay you for this info by learning more.

    • 4 weeks ago
      Anonymous

      Literal idiot

      Thanks, wanted to know if this change had more reach than the article implied, but my true understanding of the interworkings of DNS resolution beyond my router is limited to very summarized knowledge. I can only repay you for this info by learning more.

      Don't even bother. If you don't understand your own devices you shouldn't be messing around with your network.

    • 4 weeks ago
      Anonymous

      We need to filter people who don't understand fundamental networking concepts from IQfy

      • 4 weeks ago
        Anonymous

        Shut up you arrogant little c**t

        • 4 weeks ago
          Anonymous

          I'm not responsible for yours or anyone else's lack of knowledge. I just think we should have some barriers to entry for this board so we don't have to larp as the helpdesk of the Internet.

          • 4 weeks ago
            Anonymous

            See

            Do you cum when your dad fists you?

      • 4 weeks ago
        Anonymous

        post source where I can learn fundamentals

        • 4 weeks ago
          Anonymous

          https://www.cloudflare.com/learning/dns/what-is-dns/

      • 4 weeks ago
        Anonymous

        why dont you help us learn something if we are here and wanna learn huh

        • 4 weeks ago
          Anonymous

          Frick you Black person, not your personal army. No one here is your teacher, tech support, or benefits from you being smarter.

  14. 4 weeks ago
    Anonymous

    moron techlet here that pirates in the US because its piss easy and I'm poor
    what does this mean to me in simple terms

    • 4 weeks ago
      Anonymous

      americans don't watch soccer.
      blocking some pirate soccer streams won't affect them.

    • 4 weeks ago
      Anonymous

      Any DNS server ran by those companies have been court ordered to block piracy sites. If you try to go to the Pirate Bay for example, you’ll see an error message that the website can’t be found if you use these DNSes.

      • 4 weeks ago
        Anonymous

        the court order doesn't mention tpb.
        it's just pirate soccer streams.

        • 4 weeks ago
          Anonymous

          rip allah stream
          /f1/ wont be happy

  15. 4 weeks ago
    Anonymous

    I'm using Cloudflare currently. Before that I used OpenDNS, and my og was Google DNS.

    I'm happy with Cloudflare for now, but if they start acting sus I'll switch to self hosted or NextDNS.

    • 4 weeks ago
      Anonymous

      cloudflare dns is shit and can't resolve one of the biggest archive site.
      https://en.wikipedia.org/wiki/Archive.today#Cloudflare_DNS_availability

      • 4 weeks ago
        Anonymous

        It works here for some reason.

        • 4 weeks ago
          Anonymous

          Maybe he finally decided to stop blocking it.

      • 4 weeks ago
        Anonymous

        cloudflare is verified glowBlack person operation. It is literally a man in the middle attack system.
        https://unixdigest.com/articles/stay-away-from-cloudflare.html
        https://blog.ononoki.org/say-no-to-cloudflare/
        By using cloudfare and google's dns you are literally giving them all of your data. Every single bit.

        • 4 weeks ago
          Anonymous

          Those are valid concerns too, but there are two ways people use CloudFlare DNS:
          1. They have a website on their own domain and set the NS records for their domain to CloudFlare servers for DDoS protection, performance, and such. Your articles are about this situation.
          2. Home users set their DNS to CloudFlare's 1.1.1.1 or whatever for general DNS resolution as an alternative to their ISP DNS. This is where the poisoning mentioned in OP is being applied.

          • 4 weeks ago
            Anonymous

            >This is where the poisoning mentioned in OP is being applied.
            This is the main point. They were always poisoned.

  16. 4 weeks ago
    Anonymous

    I keep a list of IP addresses in a notebook on my desk and type in the numbers

  17. 4 weeks ago
    Anonymous

    They're trying to hard. Luckily it's just stuff that I don't care about like sports streaming.
    Also, there will always be a way to pirate. No matter how hard they try, there will always be a champion behind his computer to give people what they deserve.

  18. 4 weeks ago
    Anonymous

    I USE quad9 OR MY OWN.

  19. 4 weeks ago
    Anonymous

    Cloudflare

  20. 4 weeks ago
    Anonymous

    quad9

  21. 4 weeks ago
    Anonymous
    • 4 weeks ago
      Anonymous

      >sports streaming
      Don't care.

      • 4 weeks ago
        Anonymous

        No one cares if you care or not, motherfricker

        • 4 weeks ago
          Anonymous

          Just as no one cares if you care or not.

    • 4 weeks ago
      Anonymous

      >sports
      My IQ is above room temperature, so I don't care.

      • 4 weeks ago
        Anonymous

        >breaking dns fundamentals is okay because it's only for stuff i don't care about
        low-iq take

    • 4 weeks ago
      Anonymous

      >Paris olympics coming up
      looks like the hooked nose clan are preparing for it

      • 4 weeks ago
        Anonymous

        that makes zero sense.
        all of the olympics get broadcasted for free in france.
        olympic soccer is a minor tournament and nations aren't allowed to send a team full of senior players.

        • 4 weeks ago
          Anonymous

          >broadcasted for free in france.
          With ads

          • 4 weeks ago
            Anonymous

            pirated soccer streams do not cut ads either. they stream as-is.

          • 4 weeks ago
            Anonymous

            Yeah but that doesn't count towards their metrics ya idiot

          • 4 weeks ago
            Anonymous

            so you are saying advertisers get to advertise for free? advertisers will like this.

          • 4 weeks ago
            Anonymous

            For all intents and purposes the amount of people seeing it for free is 0 and taking away from the metrics you're dumb

  22. 4 weeks ago
    Anonymous

    I use a recursive (read actual) DNS server with DNSSEC like any sane human

    • 4 weeks ago
      Anonymous

      I use dns over tls try again.

      Okay, honest question, how does that work out for you? Because as far as I know there's currently no standard way for opportunistic DoT, so when you use DoT, you just fail to query servers not supporting it. Similarly for spotty DNSSEC support. It's good in principle, but surprisingly many domains break then (including AWS shit I needed for work, which was fricking annoying). Is it just how it is, or was I a moron and had misconfigured something.

      • 4 weeks ago
        Anonymous

        I have literally no issue, i host a dns server on my vps and i connect to it with systemd resolved using the dns over tls option.

        Dnssec is a lot more annoying.

        • 4 weeks ago
          Anonymous

          Also dot is just how you talk to your server, it has nothing to do with the actual resolving, dnssec can frick it up though but you can set it to be opportunistic though at that point you may as well disable, I'm 99% sure your issue was with dnssec which is optional, you can still do dns over tls, or even just self host your dns server on localhost even.

          We're talking about two different things - you're talking about DoT between your PC and your DNS server and I'm talking about DoT between my DNS server and authoritative DNSes it recurses against. I'm reasonably sure that at least part of my failures were just due to those authoritative servers not supporting DoT, but then again I'm not a networking whizz.

          • 4 weeks ago
            Anonymous

            Authoritative servers don't use TLS.

          • 4 weeks ago
            Anonymous

            Facebooks' authoritative name server does support DoT

          • 4 weeks ago
            Anonymous

            Ackchually, b does TLS: http://b.root-servers.org/news/2023/02/28/tls.html. I kind of assumed more do, but can't find anything to confirm it. Now I wonder what unbound ended up actually doing when I set it up to be recursive and forced TLS...

          • 4 weeks ago
            Anonymous

            If you forced TLS to all authoritative servers and root servers then most sites would be broken. Likely your resolver is trying TLS then falling back to unencrypted and caching that. In bound use unbound-control dump_infra to see what it knows. Maybe .0000001% of name servers support TLS currently. I would love to see that change. It was hard enough getting people to support EDNS. https://www.dnsflagday.net/2020/

          • 4 weeks ago
            Anonymous

            >Maybe .0000001% of name servers support TLS currently. I would love to see that change.
            why? describe your threat model.
            all those TLS handshakes will just add latency. GFW won't be defeated by it.

          • 4 weeks ago
            Anonymous

            >why?
            Doesn't matter. It would be 100% optional, just as DoH/DoT are 100% optional. People can decide what their threat model is. I don't care about the GFW, frick China.

          • 4 weeks ago
            Anonymous

            who can guarantee that it will be optional?
            cloudflare will gladly take this opportunity to centralize even more parts of the internet and make tls mandatory.

          • 4 weeks ago
            Anonymous

            Cloudflare has no control over name servers or the root servers. The only reason they get any attention at all is they bribed Google and Mozilla to make them a default choice for DoH, a protocol that never should have existed in the first place. It has no bearing on privacy and is all about slurping up peoples habbits and once it reaches critical mass will be used to censor shit.

          • 4 weeks ago
            Anonymous

            >Cloudflare has no control over name servers
            this site here literally uses cloudflare's name server.
            if you want cloudflare's ddos protection, you have to use their name servers.
            >or the root servers
            wrong again:
            https://blog.cloudflare.com/f-root/

          • 4 weeks ago
            Anonymous

            >if you want
            Like I said, optional. IQfy does not need Cloudflare, it's just an easy way to make law enforcement happy.

            >https://blog.cloudflare.com/f-root/
            Yes they participate in the Anycast clusters, replicating the root records. They have zero control over them. If they tamper with records, meaning their Anycast node does not match the thousands of others, including the one I run, they will be removed from the anycast membership and publicly shamed by many, including me.

          • 4 weeks ago
            Anonymous

            >I run, they will be removed from the anycast membership and publicly shamed by many, including me.
            cloudflare doesn't give a shit.
            cloudflare literally "broke" https for millions of sites and was forgiven.
            https://en.wikipedia.org/wiki/Cloudbleed

          • 4 weeks ago
            Anonymous

            >cloudflare doesn't give a shit.
            Tampering with root records would get them sued into oblivion. Their CEO may not care but their CFO most certainly would. Their attitude would change instantly.

          • 4 weeks ago
            Anonymous

            where were all those suits related to Cloudbleed?

          • 4 weeks ago
            Anonymous

            That is not a valid comparison. More valid would be when VeriSign was absorbing typos for money and they did risk going out of business. That stopped real fast.

          • 4 weeks ago
            Anonymous

            Remember how tls became mandatory for http? Same thing will happen DNS.
            Centralize all the power to the CAs (DoT, DNSSEC). You can forget about self-signing any certs.

          • 4 weeks ago
            Anonymous

            DNS operators are generally against anything that adds server load or breaks backwards compatibility.
            https://root-servers.org/media/news/Statement_on_DNS_Encryption.pdf

          • 4 weeks ago
            Anonymous

            Yeah, at first I assumed it can do it opportunistically, then learned from https://github.com/NLnetLabs/unbound/issues/1014 it's a very early draft that's not even implemented and since it was mostly working with only some pages breaking (and errors I've seen in log were mostly connection issues), I just kind of assumed that DoT is more widespread for roots/authoritatives than it is. But now that I learned that's not the case, I guess I'll have to figure out what it was actually doing... ugh, feeling like a moron now.

          • 4 weeks ago
            Anonymous

            >very early draft
            It's great that they started the work. It will be needed some day if all the authoritative servers start enabling opportunistic TLS. It would only take a couple popular projects to get it going. If NSD and ISC Bind enabled opportunistic TLS that would cover a big chunk of the internet once everybody updated to the version that supported it and assuming they all opened TCP to their name servers. It could happen.

      • 4 weeks ago
        Anonymous

        Also dot is just how you talk to your server, it has nothing to do with the actual resolving, dnssec can frick it up though but you can set it to be opportunistic though at that point you may as well disable, I'm 99% sure your issue was with dnssec which is optional, you can still do dns over tls, or even just self host your dns server on localhost even.

  23. 4 weeks ago
    Anonymous

    https://www.lifewire.com/free-and-public-dns-servers-2626062

  24. 4 weeks ago
    Anonymous

    Self hosted dns has to be one of the easiest things to self host

  25. 4 weeks ago
    Anonymous

    firefox does whatever the frick it wants + my isp is monitoring all of my traffic actively

    • 4 weeks ago
      Anonymous

      > my isp is monitoring all of my traffic actively
      you better be using vpn, mate.

  26. 4 weeks ago
    Anonymous

    Adguard DNS.

  27. 4 weeks ago
    Anonymous

    Яндeкc DNS Family, because it's fast on my end. Botnets, frauds, porn and malware filtered.
    # DoT
    DNS=77.88.8.7#family.dot.dns.yandex.net

  28. 4 weeks ago
    Anonymous

    I use nextdns. I know the owners are israelites but I trust them... for now.

  29. 4 weeks ago
    Anonymous

    I don't fully understand how networking works, I just use mobile internet through a USB modem, monitor traffic with Wireshark, and use ungoogled-chromium w/ uBlock and hope for the best.

    • 4 weeks ago
      Anonymous

      read up on the basics when you have time, just look up terms and acronyms you don't recognize so you can slowly learn over time

  30. 4 weeks ago
    Anonymous

    Currently 1.1.1.2 DoH. Pihole asks ubuntu server instance running their doh client. If they start doing this shit hear I'll change to a different service. As much as I hate cf, their dns service has been reliable.

  31. 4 weeks ago
    Anonymous

    i use mullvads dns, cant be any worse than my isps dns

  32. 4 weeks ago
    Anonymous

    What about OpenNic DNS servers?
    Anyone use them?
    https://servers.opennic.org/

  33. 4 weeks ago
    Anonymous

    itt. glowies defending their honeypot dns quad9

  34. 4 weeks ago
    Anonymous

    >ctrl+f
    >0 mentions of bind
    wtf?

    • 4 weeks ago
      Anonymous

      you expect too much from people on here

  35. 4 weeks ago
    Anonymous

    The one provided by my VPN.

  36. 4 weeks ago
    Anonymous

    i am so tired of actually worthless garbage like being allowed to have such significant knock-on affects
    fricking live sports games should not be allowed to interfere with things like communications protocols and the foundation of the internet
    it doesn't matter if they're being pirated, at all
    it disgusts me that the entertainment industry is even a part of the conversation around IP law, it was created to protect innovation, i.e. not entertainment not act as welfare for artists and the parasites who feed off them
    the financial well-being and even the lives of all literally all the stakeholders involved here are so many orders of magnitude less important than what they're interfering with they shouldn't even be allowed to begin bringing a case to court

    • 4 weeks ago
      Anonymous

      you are missing the big picture.
      those pirate sites are impossible to take down because they hide behind cloudflare.
      cloudflare is the tla's crown israeliteel. cloudflare allows to decrypt most traffic despite tls.
      it's a national security issue. breaking dns while being able to keep tabs on most traffic is a good trade-off. the well-being and lives of all u.s. citizens are at stake.

    • 4 weeks ago
      Anonymous

      intellectual property is basically all the west can create. that's the real reason you see this insane shit and stuff like copyright duration constantly being increased.

      • 4 weeks ago
        Anonymous

        they don't even create that anymore, they just buy up old IPs bastardize the shit out of them, release them and then sell them off to the next international mega corp to rape and pillage into the ground. Or they just recycle the same dogshit for literally 20 years like the video game industry does.

  37. 4 weeks ago
    Anonymous

    I'm in France so ISP DNS have been plagued by this shit for ages, this new ruling is just trying to extend to third party DNS. Given how intent our leaders are on turning the internet into a censored surveillance state, I'd rather keep using foreign servers tbh.

    • 4 weeks ago
      Anonymous

      why not take down the website instead of blocking?

      • 4 weeks ago
        Anonymous

        'Cause the sites aren't hosted here, so the most they can do is block it in some way, and the way they've picked is DNS blocks. So far, the blocks only had to be implemented by French DNS providers (mostly our ISPs), but this case might be setting a dangerous precedent. I don't know to what extent they can enforce this shit though, DNS providers who don't do business in France might be untouchable.
        That's far from the worst shit they've done, last law they've passed on the subject intends to force web browsers to implement a police-defined blacklist you can't disable and create a state-controlled "e-ID" for age checks on porn sites (our lawmakers are seemingly clueless that this nonsense already failed in the UK).

        • 4 weeks ago
          Anonymous

          >web browsers to implement a police-defined blacklist you can't disable

          Peak pig stupidity. Any binary running on my comp can be altered by me at will. Or I can just recompile without the malware.

          • 4 weeks ago
            Anonymous

            cloudflare is planning to ban all clients that they cannot attest. say goodbye to the vast majority of websites with your non-attested comp.
            https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/

          • 4 weeks ago
            Anonymous

            i wish homie would so i can just stop using the internet

          • 4 weeks ago
            Anonymous

            >https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/
            what an absolute moronation
            AND AS I TRY TO POST THIS I HAVE TO CLICK ON CLOUDFLARE CAPTCHA
            NUKE CLOUDFLARE

          • 4 weeks ago
            Anonymous
          • 4 weeks ago
            Anonymous

            >let's pretend that google didn't recently try to push this through for chrome
            https://en.wikipedia.org/wiki/Web_Environment_Integrity

          • 4 weeks ago
            Anonymous

            Maybe post bomb threats to them.
            That might convince them to stop.

        • 4 weeks ago
          Anonymous

          but see

          [...]
          so cloudflare's dns resolver has to block the site now but cloudflare is still free to serve as the site's dns nameserver.
          incompetent court.

          if you can order cloudflare to block those sites in their dns resolver, you can also order cloudflare to cease ddos protecting to those sites.
          removing their ddos protection is basically taking them down and doesn't interfere with dns.

          • 4 weeks ago
            Anonymous

            >removing their ddos protection is basically taking them down and doesn't interfere with dns.
            how long until piracy sites just move onto something like IPFS
            when most public trackers are just a lose collection of magnet links anyway, you really wouldn't need anything more

          • 4 weeks ago
            Anonymous

            God I hope so. Either go full web 3.0 or embrace the autism of boomer BBS/usenet shit.

          • 4 weeks ago
            Anonymous

            ipfs devs are one of the most incompetent devs there are. they produce the most bloated protocols.
            so ipfs basically gave up on their alternative to dns and went back to dns.
            https://docs.ipfs.tech/concepts/dnslink/#publish-content-path

          • 4 weeks ago
            Anonymous

            that's unfortunate
            I tried IPFS personally for the Library Genisis some time ago and found it too complicated, I assumed the user-facing tools would just get better eventually, but that doesn't inspire confidence
            I know Anna's Archive recently ditched IPFS in favor of torrents for hosting their library due to issues they ran into with the protocol

  38. 4 weeks ago
    Anonymous

    I use Quad9

  39. 4 weeks ago
    Anonymous

    Cloudflare is literally destroying the free internet.

    • 4 weeks ago
      Anonymous

      >the free internet
      never existed

      • 4 weeks ago
        Anonymous

        Well it did until it was monopolised.

  40. 4 weeks ago
    Anonymous

    I have 3 kids and I use cloudfare DNS on my router to block shady shit. It does a pretty good job, but I do have to create a unique ip host exception to browsw IQfy from my computer.

    Are there any glowBlack person free DNS services that also block immoral shit websites for children?

    • 4 weeks ago
      Anonymous

      Easiest way to deal with this is to use Unbound on your network to have your own personal overrides for anything you don't like. There are some lists of domains but immoral is subjective so you would have to review them.

      Then configure Unbound to forward requests to cloudflare using DoT. Most of them are not compiled to do DoH unless you want to recompile it yourself.

      So Unbound filters what you deem immoral, then lets Cloudflare handle the rest.

    • 4 weeks ago
      Anonymous

      adguard, controld and nextdns

      • 4 weeks ago
        Anonymous

        Thanks anon. I installed and am running AdGuard Home. I included all these black lists for the ads and that seems to work fine. The problem is that when I enter a porn site in the url directly, it still goes through fine. From my googling, adguard only blocks ads from those sites and not the sites themselves. Is there a way to configure adguard home to block the URLS themselves from being accessed? Cloudfare 1.1.1.3 does this but it also blocks IQfy which is a deal breaker and I dont see how to create rule exceptions from cloudfare.

        I know its something simple, but all the "block adult content" checkboxes have already been checked.

        Even doing it manually doesn't work; adguard says its blocked, but when I open it in a browser it works. Pic related (pornhub.com)

        • 4 weeks ago
          Anonymous

          meant their hosted dns resolver, not adguard home:
          https://adguard-dns.io/kb/general/dns-providers/#family-protection

          • 4 weeks ago
            Anonymous

            Ok. So blocking sites is not possible with the adguard home docker. That makes sense. I tried everything to fix it. Oh well, it sure as frick blocks ads from all my devices. Got sick and tired of my nvidia shield advertising scary movies on the home screen.

          • 4 weeks ago
            Anonymous

            adguard home is perfectly capable of blocking sites:
            https://adguard-dns.io/kb/adguard-home/faq/#doesntblock

          • 4 weeks ago
            Anonymous

            I must have fricked up somewhere. Adguard is getting the traffic from my router, and blocking ads. Shows like several thousand DNS requests so the router <-> adguard server is talking fine. Its just not actually blocking those websites. Tried it with Edge, Chrome and Brave so I know its not a browser issue. I specifically put say www.pornhub.com in the rules list and nada. Still opens on all browsers. Is there a "I actually fricking mean it setting" on adguard home?

          • 4 weeks ago
            Anonymous

            follow the actual instructions on that site.
            what's `nslookup` saying?

          • 4 weeks ago
            Anonymous

            I figured it out. I bought this thing used years back and apparently the original user had installed some kind of adblock from the cli console that was overriding all the main settings of the edgerouter DNS forwarding. doing the nslookup was defaulting to my 192.168.1.1 no matter what.

            https://community.ui.com/questions/DNS-Adblocking-and-Blacklisting-dnsmasq-Configuration-Integration-Package-v1-2-4-9/eb05f1b2-5316-4a80-8221-5e8b02575da4

            Funny even factory resetting doesn't override CLI level processes. I had to update the root OS on the Edgerouter. Everything works great now and my kids are safe a little longer from degens like IQfy.

            Appreciate the help tbh. Buying used has its pitfalls.

          • 4 weeks ago
            Anonymous

            Why would you ever buy used, they're like $60 and last years. Just make sure to get one that's compatible with OpenWRT (or equivalent) and you can do anything you can think of with them.

          • 4 weeks ago
            Anonymous

            edgerouter is a specific prosumer router.
            her edgerouter-4 costs $200 new:
            https://store.ui.com/us/en/pro/category/wired-edge-max-routing/products/er-4

          • 4 weeks ago
            Anonymous

            I guarantee you OpenWRT can do everything you can do with that, besides maybe shit like MPLS or BGP, which you wouldn't be using on a home router anyway. Hell OpenWRT might even be able to do that stuff.

          • 4 weeks ago
            Anonymous

            bullshit.
            it's not the software, but hardware.
            that's an actual router. not some consumershit "router" where one port is routed and the other ports are just switched.

          • 4 weeks ago
            Anonymous

            >where one port is routed and the other ports are just switched.
            It's setup that way because that's what makes sense for a home network. Pretty much every home router lets you setup multiple networks if you want. And if it doesn't OOTB, it's probably just the software hiding it from you and OpenWRT will let you.

            You hardly need actual routing for a home network because all your doing is sending everything to the ISP's router, not a dozen different corporate locations and cloud instances. And if you do want to setup stuff like a VPN, http proxy, DNS ad blocking, etc you can absolutely do that with OpenWRT.

            Using an edge router for a home router is like using a 2U server as a NAS. You're not gonna get much more out of it than an optiplex stuffed with harddrives.

          • 4 weeks ago
            Anonymous

            >her
            Jesus bro that wasn't Nice. My request for help was civilized and courteous.

            I think the Edgerouter4 is great so far. Have two access points wired in my 5,000 SF house. I bought it used during Covid because for whatever reason that shit was sold out. I hate all the spider looking consumer routers.

            As for OpenWRT, I stay away from that shit since all the DDWRT days. I'm old kid and seen some shit. The problem with open source software like this is mission creep; some fat nerd wants his router to do his taxes or some shit and then induces all these bugs into the software trying to do this and creating all kinds of upgrade versions. I'm sure its great and all that, but I guarantee you it requires babysitting.

            I got cynical after I bought my idiot parents an Airport router. Thing just werks and has continued to work for like 15 years without even a reboot. No way OpenWRT can claim that shit.

            >where one port is routed and the other ports are just switched.
            It's setup that way because that's what makes sense for a home network. Pretty much every home router lets you setup multiple networks if you want. And if it doesn't OOTB, it's probably just the software hiding it from you and OpenWRT will let you.

            You hardly need actual routing for a home network because all your doing is sending everything to the ISP's router, not a dozen different corporate locations and cloud instances. And if you do want to setup stuff like a VPN, http proxy, DNS ad blocking, etc you can absolutely do that with OpenWRT.

            Using an edge router for a home router is like using a 2U server as a NAS. You're not gonna get much more out of it than an optiplex stuffed with harddrives.

            I can't speak to whether its better than OpenWRT but people I respect all recommended the ER4 when I asked. I llike the UI and despite this glitch with DNS blocking, its been flawless.

    • 4 weeks ago
      Anonymous

      https://controld.com/free-dns?freeResolverType=family&helpPane=dns

      • 4 weeks ago
        Anonymous

        what are those controld native filters based on?
        oisd nsfw?

      • 4 weeks ago
        Anonymous

        what are those controld native filters based on?
        oisd nsfw?

        that's using a strict ad blocking list.
        their documentation says this about strict:
        >Strict - Will block all known Ad and Tracking domains, regardless of it breaking some websites and services that force you to load trackers. Use this if you're OK with making bypass rules to work around these blocks.
        since you aren't paying, you can't make any bypass rules. so avoid.

  41. 4 weeks ago
    Anonymous

    Ok and thank you. I understand immoral is subjective but cloudfare does a pretty good job. I understand you can never get 100% protection, but 99% is good enough. It just take one secular kid with a phone at your house to frick your kids up good / early.

    My other question is, that my ubiquiti edgerouter4 does the DDNS easy by setting it in their OS. For example, 1.1.1.3. Easy peasy.

    Is there an advantage in using AdGuard home on my truenas server over the Ubiquit router?

  42. 4 weeks ago
    Anonymous

    I just switched from 1.1.1.1 to Quad9

  43. 4 weeks ago
    Anonymous

    Please stop submitting unreliable sources, such as those that disable comments.

  44. 4 weeks ago
    Anonymous

    Oh I see, they can't let the Caledonians know things.
    Typical fricking French pigs.

    • 4 weeks ago
      Anonymous

      At least we didn't made the NSA.

  45. 4 weeks ago
    Anonymous

    ControlD
    it's like NextDNS but not in maintenance mode https://controld.com/

    • 4 weeks ago
      Anonymous

      >NextDNS but not in maintenance mode
      whats that mean

      • 4 weeks ago
        Anonymous

        NextDNS isn't getting new features and the blocklists aren't really maintained as well. ControlD gets updates every 2-4 weeks since it's actively developed for.

        Also if you get a stacksocial deal you can get $10/yr for life by upgrading to another plan at the end of your five year term so it's cheaper too.

    • 4 weeks ago
      Anonymous

      So Adguard but worse

      • 4 weeks ago
        Anonymous

        worse how?

  46. 4 weeks ago
    Anonymous

    1.1.1.1

  47. 4 weeks ago
    Anonymous

    [...]

    https://globalcyberalliance.org/quad9/
    >>The Global Cyber Alliance is founded as a nonprofit by a partnership of law enforcement and research organizations
    > b.but.the swiss!
    changes nothing. doesn't change it's history, doesn't remove its founders from its history. law enforcement created quad9 alongside ibm and others. it's literally ran by police. no matter how hard you seethe it changes nothing. anons here were right to dunk on you. you're literally a glowBlack person doing damage control for a compromised dns.

    • 4 weeks ago
      Anonymous

      Not seething since I was buck broken.

      • 4 weeks ago
        Anonymous

        [...]
        take your fricking meds schizo anon

        > pedophile police man is mad
        >https://globalcyberalliance.org/quad9/
        >>The Global Cyber Alliance is founded as a nonprofit by a partnership of law enforcement and research organizations
        truly amazing work. i'll just disconnect from my secure and encrypted dns and setup a dns founded by police. brb.

  48. 4 weeks ago
    Anonymous

    Good thread.
    Have just finished reading the whole lot.

    • 4 weeks ago
      Anonymous

      Same here. DNS is fascinating stuff.

  49. 4 weeks ago
    Anonymous

    Happy to see ControlD being talked about. When I started using it no one knew wtf it was.

    • 4 weeks ago
      Anonymous

      which config are you using?
      how many false positives?

  50. 4 weeks ago
    Anonymous

    Privacy doesn't matter just give up already and use Quad9 DNS™ no loicence required
    https://www.quad9.net

  51. 4 weeks ago
    Anonymous

    [...]

    Thank you, Quad9 anon

    • 4 weeks ago
      Anonymous

      [...]
      Thanks anon

      > same gayging this hard
      the absolute maximum levels of mental illness of pedophile police officers doing damage control for their honeypot
      >>The Global Cyber Alliance is founded as a nonprofit by a partnership of law enforcement and research organizations
      lmao.

      • 4 weeks ago
        Anonymous

        Insufferable anon, I do not respect you and you are not looked upon as intelligent.

  52. 4 weeks ago
    Anonymous

    [...]

    Thanks anon

  53. 4 weeks ago
    Anonymous

    [...]

    If you are still here, I want to know what the incentive is for Quad9 to exist. I'm not trying to be malicious, rather I'm just curious.

  54. 4 weeks ago
    Anonymous

    [...]

    Very good info, thank you.

  55. 4 weeks ago
    Anonymous

    Since everyone is sharing their favorite DNS resolvers, let me post the one I use
    https://dnsforge.de/

  56. 4 weeks ago
    Anonymous

    Ironically enough cuckflare lets me access rutracker which is otherwise blocked

    • 4 weeks ago
      Anonymous

      most public dns i know of connect to it. people using cloudflare and google are profoundly fricking moronic.

  57. 4 weeks ago
    Anonymous

    [...]

    [...]
    Thanks anon

    [...]
    Very good info, thank you.

    [...]
    Thank you, Quad9 anon

    Actually glowing

    • 4 weeks ago
      Anonymous

      Don't care; still using Quad9

  58. 4 weeks ago
    Anonymous

    >started to mess around with dns
    >every webpage loads so slow now
    >still not sure if my ISP can see my shit or not
    >ads were blocked by ublock origin so not sure why adblocking via dns is needed

    pictures and videos load significantly slower now for some reason. i thought the whole point of blocking ads were so that websites would load faster

    all i used was nextdns and turned on some blocklist

    i even used quad9 dns for my pc via the wifi setting while nextdns is only via my web browser
    what gives man
    starting to feel like the mantra if it aint broken, dont fix it is at play here

    • 4 weeks ago
      Anonymous
    • 4 weeks ago
      Anonymous

      >pictures and videos load significantly slower now for some reason.
      are those still served from the same ips?
      your isp's dns could give some different ips for which your isp has better routing.
      your isp's dns could give some hidden ips to their cache servers.

  59. 4 weeks ago
    Anonymous

    [...]

    Not sure if bot post or simply a curryBlack person shilling
    Either way frick off

  60. 4 weeks ago
    Anonymous

    [...]

    [...]
    Thank you, Quad9 anon

    [...]
    Thank you, Quad9 anon

    [...]
    Thanks anon

    thanks uk police gpt bots, very cool!
    i wouldnt be surprised if those bongs had shilling bots running here, perhaps this is direct proof

    • 4 weeks ago
      Anonymous

      >anon thinks I'm a UK bot
      Not even meds can save you now

  61. 4 weeks ago
    Anonymous

    I'm so fricking tired of keeping up with all new ways of putting me in a pod and making me eat bugs, will it ever stop?

    • 4 weeks ago
      Anonymous

      no

    • 4 weeks ago
      Anonymous
      • 4 weeks ago
        Anonymous
  62. 4 weeks ago
    Anonymous

    >Blockchain and crypto is useless!
    >ENS is fricking dogshit! If it ain't broke don't fix it!

    Literally deserve all your slop.

    • 4 weeks ago
      Anonymous

      >ENS is fricking dogshit
      ENS is dogshit. Others are better.

  63. 4 weeks ago
    Anonymous

    using this because I can perfrom tls queries otherwise I'd just query the root servers directly
    https://adguard-dns.io/en/public-dns.html

    • 4 weeks ago
      Anonymous

      >be almost at war with russia
      >use a russian dns resolver

      • 4 weeks ago
        Anonymous

        >be israel first AIPAC controlled US congress
        >codify gay marriage and race mixing into law
        >allow the israelites to flood the country with aliens
        >explicitly harass and hate on Whites and Christians
        >destroy the average quality of life
        >destroy the value of the dollar with inflation
        >steal all of the productivity of Whites with taxes for redistribution to non-White invaders and foreign governments
        >infect the military with gays, females, and aliens
        >allow BLM to conduct a color revolution in the US and prosecute everyone who opposed the color revolution
        >give the FBI 200 million dollars for a new HQ after they harass and attack anyone who doesn't want to be replaced by aliens in their own country

        What our congress is doing and what they want doesn't represent me. The "country" isn't at war with Russia. The rogue israelite controlled congress that is attacking White people everywhere is at war with Russia.

        • 4 weeks ago
          Anonymous

          >"unfriendly foreign state governments and their citizens who support their corrupt oligarchy won't be hostile to me and will treat my (presumably american) data with dignity"
          >"also russia is white"
          I'm not contesting the problems with the US in your statements, but listen to yourself. You're a mess, anon. What are you even doing? You're a useful idiot if you trust a nation's intent SOLELY on the basis of frustration with your own. Moreover if you really feel this way why don't you go live there and die for banana? Answer: It's because you're actually just a spoiled frick and don't care about morality, tradition, or anything meaningful.

          Tl;dr: Unironically have a nice day. You belong in the same grave as vatnicks, trannies, and corrupt government officials (this is you).

          • 4 weeks ago
            Anonymous

            I'm not in a personal war with Russia. I don't give a frick about the regime or its problems or who they say I shouldn't like. Bottom line is the service works great and I like it. If our own country wasn't corrupt and engaged in illegal domestic spying, I would have just stuck to querying the root dns servers directly.

            the common russian citizen does not identify with your plight and will either see you as moronic, a target, or both.

            I'm not looking for solidarity from the Russian people. I'm just using a service that works fine that apparently all of the buttplugged pride marching israelite pawn 5 eyes contractors who post here are assmad about.

        • 4 weeks ago
          Anonymous

          the common russian citizen does not identify with your plight and will either see you as moronic, a target, or both.

          • 4 weeks ago
            Anonymous

            Yes we do. The common Russian citizen understands perfectly what is happening to the world.

          • 4 weeks ago
            Anonymous

            you don't speak for all of us, homosexual. we don't belong in ukraine killing our brothers. kys

          • 4 weeks ago
            Anonymous

            Ukrainain people need to get rid of Zelinski and realize that their nation is just a tool used by the US and Israel to destroy Russia. Wake up, and please keep the thread on topic. This political stuff does not belong here

          • 4 weeks ago
            Anonymous

            >tu quoque
            Kys

          • 4 weeks ago
            Anonymous

            >kys
            Go and be 12 years old somewhere else.

          • 4 weeks ago
            Anonymous

            Good thing Russia is incapable of invading America if they wanted to.
            They can have all of Ukraine for all I care.

    • 4 weeks ago
      Anonymous

      >I'd just query the root servers directly
      how? who can you trust to tell you their location?

      • 4 weeks ago
        Anonymous

        Not the person you are asking, but most DNS daemons come with a hints file but all you need is one working IP in the hints to bootstrap and update it. It can be updated over DNS, FTP, HTTP, HTTPS.

      • 4 weeks ago
        Anonymous

        You can use unbound to directly query the root dns servers but the queries can be seen by your ISP and the NSA because they are unencrypted. Instead I use tls queries to a non-regime dns server. They filter out a lot of ads too, which is nice.

  64. 4 weeks ago
    Anonymous

    DNScrypt, any other reply is wrong.

  65. 4 weeks ago
    Anonymous

    NextDNS via YogaDNS

  66. 4 weeks ago
    Anonymous

    so whats the consensus then? ISP DNS or roll your own?

    • 4 weeks ago
      Anonymous

      Cloudflare Resolver for Firefox which has been the default in Firefox for a long time.
      https://blog.mozilla.org/en/products/firefox/firefox-continues-push-to-bring-dns-over-https-by-default-for-us-users/

      Systemd also uses Cloudflare's resolver by default (next to Google's):
      https://github.com/systemd/systemd/issues/12499

      • 4 weeks ago
        Anonymous

        >cuckflare
        kys shill

        • 4 weeks ago
          Anonymous

          what the frick are you doing on a cloudflare site?
          https://boards.IQfy/cdn-cgi/trace

          • 4 weeks ago
            Anonymous

            i have no choice over what fricking shit this hell website uses
            but they dont deserve all my dns queries

      • 4 weeks ago
        Anonymous

        >Systemd also uses Cloudflare's resolver by default
        Well, if the worst thing that has happened to linux since its inception is using cloudflare, which was founded with a DHS grant, you know it's good.

  67. 4 weeks ago
    Anonymous

    >the law is literally something like "we're allowed to make anyone do anything if it helps us stop the infrigment of copyright"
    God I hate copyright so much it is unreal. Outlaw this stupid bullshit already.

    • 4 weeks ago
      Anonymous

      >copyright
      Necessary evil in order to make money, protect creative works, and to stimulate innovation by reducing concerns of risk from having your work stolen and reproduced.

    • 4 weeks ago
      Anonymous

      Half of this thread has gays recommending DNS resolvers that block ads. But woe is me when someone else blocks something. You can't have your cake and eat it.

      • 4 weeks ago
        Anonymous
        • 4 weeks ago
          Anonymous

          >french courts are a multimillion dollar company

          • 4 weeks ago
            Anonymous

            come back when you learned to read and comprehend simple sentences. what you said has nothing to do with what this thread is about or the article op linked.

            Protecting copyright protects people

            have a (You) for the effort.

          • 4 weeks ago
            Anonymous

            I'm serious. See

            >copyright
            Necessary evil in order to make money, protect creative works, and to stimulate innovation by reducing concerns of risk from having your work stolen and reproduced.

        • 4 weeks ago
          Anonymous

          Protecting copyright protects people

          • 4 weeks ago
            Anonymous

            Canal+ at least pays French taxes unlike any of those pirate sites

      • 4 weeks ago
        Anonymous

        Surely you can tell the difference is people blocking crap by their own choice and choices being taken away from them. Some call this trolling.

  68. 4 weeks ago
    Anonymous

    >NOOOOO I CAN'T USE THIS DNS SERVICE OR ELSE THEY'LL GET ME FOR... um... definitely not browsing ** sites ToT;;; i wouldn't do that... hehe.... BUT THEY'RE STILL GOING TO GET ME FOR NOT DOING ANYTHING WRONG

    Real funny watching people react with literal screaming rage over thinking they'll become targets for "no reason".....

    • 4 weeks ago
      Anonymous
      • 4 weeks ago
        Anonymous

        Oh wow, is that a heccin jpeg? What a great argument, now I definitely think you're not a basement incel kiddie who doesn't understand anything about the world. I'm heccin' 'vinced!

        • 4 weeks ago
          Anonymous

          I hope your handler beats you for your piss poor performance Black person.

    • 4 weeks ago
      Anonymous

      I don't disagree with you, but I do think we should be careful about this kind of thing generating complacency in the long run. Governments have historically targeted people for their own ends and data is one thing many governments want to get their hands on. Having said that I think common internet users aren't at the same degree of risk as other potential users, but I want as little directed advertising, risk of malware, and don't want to worry about identity theft from my own carelessness. Obviously smart Internet hygiene and OPsec are key to accomplishing these goals, and I know someone else somewhere will/has leaked my data, but I can still make my own home network harder to compromise by controlling where my DNS traffic goes. Besides, there is a limit to how much I can make my family more knowledgeable on this matter, so discretion is the best option.

  69. 4 weeks ago
    Anonymous

    so whats the solution if you have pfsense? so my quad 9 over tls isn't good anymore?

  70. 4 weeks ago
    Anonymous

    quad9 because my ISP blocks Russia(yandex)

    • 4 weeks ago
      Anonymous

      https://dns.yandex.com/

      • 4 weeks ago
        Anonymous

        their family dns doesn't block IQfy

        • 4 weeks ago
          Anonymous

          Because most boards are work safe
          Why ban an entire site for only a few boards?

          • 4 weeks ago
            Anonymous

            because dns can only block domains. you cannot block only the nsfw boards.

          • 4 weeks ago
            Anonymous

            That's what I just said you fricking moron

          • 4 weeks ago
            Anonymous

            so controld and cloudflare banning IQfy for being nsfw makes more sense, no?

          • 4 weeks ago
            Anonymous

            all the more reason there needs to be an uprising of altchans. millions of them. private, semi-public, public. every server on discord should have a dozen corresponding altchans to link files bigger than boosted-discord allows.

          • 4 weeks ago
            Anonymous

            I'm using Control D and I'm posting here
            You're clearly doing it wrong homosexual

          • 4 weeks ago
            Anonymous

            What is Control D?

          • 4 weeks ago
            Anonymous

            Control Dz nuts

          • 4 weeks ago
            Anonymous

            Ah its a meme. Or me-me.

            >Systemd also uses Cloudflare's resolver by default
            Well, if the worst thing that has happened to linux since its inception is using cloudflare, which was founded with a DHS grant, you know it's good.

            Funny note about DHS. Its the literal Russian to English translation of KGB. It's a little too on the nose.

Your email address will not be published. Required fields are marked *