I am new to IPfire , and after I read through a lot of discussions on this forum and wiki,
I realized that my favorite 9.9.9.9 upstream DNS server is on the Not recommended list including my backup 9.9.9.10 ,
I also experimented with OpenNIC servers DNS.watch
but I think the only one that seems to be working well AND is on the Recommended list, is the one on the top of the list: censurfridns.dk
I assumed the list is in Alphabetical order that’s why it is on top.
For privacy, I have to add a few more Upstream DNS server. So that’s why I decided to start this post
I am kind of confused what makes a DNS provider not recommended . I think the case of Quad9 has been well discussed here but I looked up the policies of some of the recommended DNS providers.
I am not sure why Google DNS is “recommended” It is definitely filtering malicious IP’s
Cloudflare claims it doesn’t record IP’s and doesn’t filter malicious IP’s
Hurricane Electric is one of the largest ISP’s and I didn’t even find their Privacy Policy.
Alternate DNS even filters Ads
Verisign claims they do not filter malicious IP’s
In terms of recording IP’s, all of them record full or partial IP’s. Cloudflare’s way of describing it seems the most privacy oriented, if you can rely on that of course.
On the other side, FreeDNS is NOT recommended.
I couldn’t find out why, They do not describe any policy of filtering,
Their slogan is “No DNS redirects. No Logging.”
That’s all I was able to find out.
I see they added some servers, in case anyone is interested. Not sure if it is worth to add to the Wiki.
|172.104.237.57|(Frankfurt, Germany)|
|172.104.49.100|(Singapore)|
|37.235.1.174|(Vienna, Austria)|
|37.235.1.177|(Vienna, Austria)|
|45.33.97.5|(Atlanta, GA, USA)|
I see they added some servers, in case anyone is interested. Not sure if it is worth to add to the Wiki.
|172.104.237.57|(Frankfurt, Germany)|
|172.104.49.100|(Singapore)|
|37.235.1.174|(Vienna, Austria)|
|37.235.1.177|(Vienna, Austria)|
|45.33.97.5|(Atlanta, GA, USA)|
in case you know more details about their operators and if they provide DNS over TLS and validate or pass through DNSSEC-related information, please feel free to add them to the wiki.
Especially the Singapore IP is interesting, as we do not know about much public resolvers in that part of the world at the moment.
Norton ConnectSafe, used to provide a free adult, malware, and phishing filtered DNS service. I have young kids, so this makes “parental control” easier. However they discontinued this service in 2018. I believe Cisco bought it, stripped it and used parts of it in a pay per use service.
I have started using Cleanbrowsing, even though its not recommended by ipFire. This is not because it is bad, but rather a legal disclaimer as they do modify your DNS requests. The modifying part being filtering. They have 3 different services, all free. Good for a small household. Have not found anything wrong with it… yet.
I was looking into creating a DNS filter for the ipfire, but since the DNS serives has moved to unbound, the scripts I had created stopped working correctly. Using a DNS filtered service for now will have to do.
The following is my opinion, so I suggest to do additional research to validate it.
A service provider to avoid like the plague is DNSReactor. Their services seem to have been hijacked for a few months now and they have not bothered fixing it. Which means they either a) don’t know or b) don’t care. Both would indicate a lack of ethics, and should sound alarm bells.
Greenteam is an Israeli based service, and if credible sources are to be believed, they are affiliated to a certain intelligence community. Again tread carefully when using them.
Yandex is Russia based, see my former comments, as they also apply.
I did some more research on FreeDNS and I didn’t find anything transparent about them.
Their contact form is broken, their whois records are kept under seal by Hetzner a German internet company. They claim to be based in Romania doing business as VIRTEXXA Cloud Services SRL.
The Singapore servers are provided by ihost24. com also based in Romania.
After all this, I don’t think they are Wiki worthy.
Yeah… I’m probably the wrong person to ask about Cloudflare. I personally don’t like them, and think their practises are ethically questionable, probably borders on unprofessional. Them having sold the world on DNS over HTTPS as a fast “secure” DNS service was probably the last straw.
If you check the blogs, there are a few write-ups about DNS, DNSSEC, DNS over TLS and DNS over HTTPS. I’ll see if I can find the links… Don’t think there is anything on DNSCrypt, but unfortunately it doesn’t work with ipfire so that explains that.
If you need family filters, OpenDNS and Cleanbrowsing, even though not recommended are probably your better choices. Alternatively create your own DNS filter with a few scripts.
I guess the same applies with malware and phishing. To populate all of these with the required source material should not be too hard.
