Hello!
My knowledge about DNS resolvers is somewhat limited. So, in an effort to expand my knowledge and find a DNS resolver that works for me, I’ve come for help here.
Here is a list of terminology that I either know too little about, don’t know anything about, or want to make sure my understanding is correct about:
Cleartext (What does this mean in the context of protocols? Is it inherently bad?)
DoH (I somewhat understand this, but is it less secure than DoT?)
DoH/3 (How is this different from DoH?)
DoT (Is this more private than DoH?)
DoQ (I don’t know enough about this, how does it compare to DoH and DoT?)
DNSCrypt (I’m not sure what this is.)
Do53 (I’m not sure what this is. Is it a replacement for DoH/DoT/DoQ, or does it work alongside it?)
DNSSEC (I don’t know what this is.)
EDNS padding (I’m pretty sure I know what this is, it just pads DNS queries. What happens if “Cleartext” is used, does it still pad it?)
As for what I’m looking for in a DNS resolver: I don’t plan to self host it, I would like support for iOS, Linux, and Android, I would like it to be free, I would like EDNS padding, DoH is preferred (although I don’t quite understand the alternatives). I am aware that the DNS resolver will usually be the same as my VPN. Note: I’m not looking for a beginner DNS resolver, I’ve been using NextDNS for a while now, I’m looking for one with strict privacy and security.
I’ve tried looking at Privacy Guides and Wikipedia, but I don’t know enough to make an educated decision.
Any suggestions?
Thank you all!
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 84 users / day
- 537 users / week
- 1.5K users / month
- 6.58K users / 6 months
- 1 subscriber
- 2.31K Posts
- 53.4K Comments
- Modlog
That is very helpful, thank you! Is there any benefit to using UDP over TCP? I know TCP is more easily detectable with a port scan, and TCP uses ACK to make sure the data gets sent (and for that reason UDP is usually faster but lossy). How does that fit in with the context of DNS queries?
TCP 443 is more likely to be open than UDP 443 so using a technology that uses TCP 443 is more likely to work.