I read a bit about using a different DNS for privacy and I think the best one should be Quad9? Or is there anything better except self-hosting a DNS?
- I use Quad9 for my upstream.
  - This!
 
- Using NextDNS for quite a long time
- I use Cloudflare DNS
- Quad9 is decent, but there’s some weird legislative issues (they can be court ordered to not resolve certain sites) BC weird reasons.
  - If you have a Raspberry Pi or similar sitting somewhere, you can set up a Pi-hole DNS with Unbound as upstream. Then you’ve got a DNS that’s as private as you want, locally cached and with additional ad/malware/… blocking capabilities.
- I use NextDNS, but also use Cloudflare sometimes.
- The one from your ISP. Your ISP can see your traffic anyway, so you gain nothing by using a third-party DNS server.
  - That’s not true at all. If you’re after the fastest DNS for loading / response times then the ISP DNS would be ideal. For privacy you’d want one that can offer ad and tracking protection like NextDNS.
  - Okay, maybe I got the question wrong. If you care about content blocking, then you are right (though I’d prefer self-hosted resolvers like Pi-hole or AdGuard Home over third-party resolvers).
  - You can use Pi-hole as your main resolver and NextDNS as your downstream resolver as well for layered protection. That’s what I do. Works well. NextDNS is free protection up to 300,000 queries a month. If you go over, it just acts like any regular resolver. The paid plan is inexpensive too.
  - If you use the same or a similar blocklist, it does not provide additional protection though.
  - That’s true, yes.
 
 
 
 
- As far as I read (I’m no expert!) they could check the SNI of the TLS handshake if they want. But using the DNS of the ISP is handing them the data right in a way they can analyze/use them very easily afaik?
  - Still learning about this topic!
  - They route your traffic, hence they can see all IP addresses you communicate with. With a reverse lookup you can then usually find out the address too.
 
 
 
- I’m not an expert on what makes a “good DNS”, but I have been using a Pi-hole for about 5 years and it has been super stable the whole time, despite my best efforts.






