This is what I do:
My tor exit node runs on its own, but I have a full caching bind server on a different VM. This services some domains I run, with ACLs to do regular DNS.
I use the following DNS servers:
2606:4700:4700::1111 -- Cloudflare
2001:1608:10:25::1c04:b12f -- https://dns.watch/
2600::1 -- Sprint
No individual DNS provider inspires me with amazing confidence; however, the caching server turns my bind instance into a pretty solidly constructed one.
1) I don't really think v6 snooping/monitoring is "there yet". Thin gruel, but still.
2) DNS doesn't go out the same stack in the case of v4 requests and doesn't go out the same IP for v6. Sure, you can associate to within the same /64 but that's just more effort any attacker would have to do.
3) I cache a LOT.
Check out these nameserver cache statistics:
services /var/log/named # grep -i cache stats
++ Cache Statistics ++
[View: internal (Cache: internal)]
251588520 cache hits
452018 cache misses
50306019 cache hits (from query)
63441802 cache misses (from query)
I cache a LOT.
Think of your threat model - what are you worried about? Is DNS really your concern?
On Tue, Jan 22, 2019 at 2:53 AM dns1983@riseup.net wrote:
Hello,
I'm a student, so I lack many networking notions.
Which are the most privacy-reliable public DNS servers? I don't exactly know how to choose a third-party DNS server. I read that Cloudflare servers are audited by third parties but I'm not sure that I can trust them. Do you think that audit is trustworthy?
Thanks
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays