Seth said:
On Sat, 22 Nov 2014 18:46:18 -0800, ZEROF security@netmajstor.com wrote:
I use servernames without logging from this list http://wiki.opennicproject.org/Tier2 (France).
Great resource of logless DNS servers, I'm a big fan of OpenNIC.
I'm not a fan of OpenNIC because they were, and probably still are, running open resolvers. That means the servers are wide open to be used for reflection attacks, cache poisoning and likely numerous other attacks. And they didn't support DNSSEC. And if they aren't logging anything, how do they stop the attacks?
http://www.opennicproject.org/ says "so at least you are not tracked through your DNS requests." Saying it doesn't make it true. DNS wasn't designed with privacy built in, so how can they actually do that?
Have you bothered to encrypt DNS traffic by setting up dnscrypt-proxy or the like? These days it's something I include as standard.
Does a project exist that supports encryption and pooling the recursive queries, and DNSSEC, other than OpenDNS?
Chuck