Canadian TV, Computing and Home Theatre Forums - View Single Post - Cable TPIA's out in Ontario

View Single Post
post #15 of (permalink) Old 2019-08-16, 02:38 PM
Join Date: Jan 2014
Location: Mississauga
Posts: 4
Originally Posted by ExDilbert View Post
I like to use DNSBench from to find a good name server and avoid Google's name servers for privacy reasons.
All DNS servers will expose the source IP's internet name request unless they explicitly do not log or have not configured logging, which is irresponsible if one wants to know how their server is used, for stability reasons. A server administrator or operator cannot prevent a distributed denial of service attack effectively if they do not log and expose the source IP of the name request. It's very difficult to pinpoint a DDoS attack from other log sources, such as hardware firewall logs, as many attacks span multiple IP ranges while keeping the total sessions per IP down, effectively cloaking itself from other legitimate DNS internet requests. The only way to mitigate an attack is to see the log of the name request itself so it can be nipped in the bud.

The point of "privacy" is less applicable when you select an alternate name server, because your name request will be the same needle within a smaller haystack, so a small fry server operator would be more privy to the information if they decided to want to use that data for profit. It's best to use a known reliable server as an alternate along with another server that you also control, if possible. At least with Google's server, your internet request will be more secured from surfing to a known bad and malicious server that Google keeps track of. Almost no other server provides the basic levels of DNS security that Google does for free. Rogers DNS does not provide any additional security features that they make customers aware of, and their servers are abused often times by their own subscriber base.

I understand that people, including myself, might not like Google for various reasons, political or otherwise, but they honestly do run some of the best free public dns resolvers that also correct a lot of internet surfing problems once people configure one of them into their internet devices.

If you are a casual internet surfer, you are better off having your internet request go to Google's vs anyone else, unless you are more comfortable having that other server operator able to see your request much more easily than a Google tech would.

In Linux, all you need to do is run a single command to parse a known IP to watch or output all of their internet requests, and any server running on Unix or Linux has this capability. It all depends on the person that knows how to wield such tools to do what they want to do with the data.

For me personally, I am just trying to run a stable server for the public and for my client's web performance and reduction of malware.

Google for the most part is trying to clean the internet, there's no doubt there's privacy exposure, but almost all operators expose that privacy, internally I hope, so you might as well benefit from theirs, because they at least do some good with theirs. Other operators run theirs irresponsibly, which is why there are so many DNS outages across the country. Many times the outages have nothing to do with the ISP, unless the customer is using a DNS server that ISP operates.

Also even if you run your own DNS, your privacy is still exposed, because your recursive internet requests are examined by the global root servers via root hints. There's no way to completely secure your internet requests unless you create a forward lookup zone for every single internet name imaginable and then by maintaining them all by yourself. The root servers and operator of those root servers are ultimately able to see everything, if they choose to. Running your own server ultimately harnesses a lot of that control.

Just use Google's unless you really are generally bitter about them or want to serve up your own requests yourself or want to permit another large provider to serve up your requests instead. Ultimately, whichever server you configure will be the server that you are permitting to see your internet requests once you hit OK and start surfing.

I say all of this not solely for your viewing, but primarily for others who believe that not using Google's DNS somehow protects them from "privacy", which is a false notion. It's more about who to trust more than anything else.

The winner of your DNS traffic should be to those who run the best servers within the geographical area closest to your internet connected device or network, or have the best response times, but also other more important factors, and the DNSbench tool, as you mentioned is a way to help determine that winner, but it's not everything. Reliability combined with domain and IP blackhole filtering with performance should determine which are the winner DNS servers.

Last edited by rapideye95; 2019-08-16 at 03:33 PM.
rapideye95 is offline  
For the best viewing experience please update your browser to Google Chrome