On Tue, 12 Sep 2017 23:28:35 +0200 Ralph Seichter m16+tor@monksofcool.net wrote:
> On 12.09.17 23:06, Roman Mamedov wrote:
> > Too bad DNS servers are not something a regular person can own, so we have to be at the mercy of those shady all-knowing uber-powerful Owners of the DNS Servers.
>
> I take it you're being ironic?

Guess I failed at doing that well, if you had to clarify. (Or maybe you didn't read my entire message.)

> One might say that the more people run their own nameservers, the harder it gets for attackers to gather data or interfere with the DNS system.

Running your own authoritative nameservers is laudable as well, but the current discussion is about recursive resolvers. You know, the likes of 8.8.8.8 and the ones your ISP runs for their clients "to reduce traffic".
Point is that it is entirely possible, and really easy, to just have your own instance of that. It will not use any fixed "upstream server" other than the root nameservers (and those, only to ask generic depersonalized stuff such as "who handles the .com zone").
Note that 'dnsmasq' won't do, that's just a caching proxy to a fixed set of a few upstream DNS resolvers; you need 'unbound' which IS a full independent DNS resolver itself.
(Unbound is caching as well, though).
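
As an added example that is not part of the original message: a minimal unbound.conf for a local recursive resolver of the kind described above, with the fixed-upstream setup it replaces shown in comments. The file path and the choice to listen on loopback only are assumptions; the option names are standard unbound and dnsmasq settings.

```conf
# /etc/unbound/unbound.conf  (path is an assumption; it varies by distribution)

server:
    # Serve only this machine. An open recursive resolver reachable from the
    # internet can be abused for amplification, so keep it on loopback.
    interface: 127.0.0.1
    interface: ::1
    access-control: 127.0.0.0/8 allow
    access-control: ::1/128 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Ask each nameserver only for the labels it is responsible for, so the
    # root and TLD servers are not sent the full name being looked up.
    qname-minimisation: yes

    # Do not reveal resolver identity or version to CH TXT queries.
    hide-identity: yes
    hide-version: yes

    # Ignore out-of-zone glue records in referrals.
    harden-glue: yes

    # Refresh popular cache entries shortly before they expire.
    prefetch: yes

# No root hints file is configured here: unbound ships with built-in hints
# for the root nameservers and starts iterating from them.

# Deliberately absent: a forward-zone for ".". Adding the block below would
# send every query to one fixed upstream, which is the dnsmasq model, e.g.
# "no-resolv" plus "server=8.8.8.8" in dnsmasq.conf.
#
# forward-zone:
#     name: "."
#     forward-addr: 8.8.8.8
```

Run `unbound-checkconf` on the file before restarting the service, then point the system's resolver configuration at 127.0.0.1.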