Do you need a DNS server without censorship and for privacy?
@digitalcourage runs a DNS server located in Germany that doesn't log normal user requests:
👉 2a02:2970:1002:0:5054:8aff:fe12:db49
👉 Encrypted requests DNS-over-TLS
I would prefer Digitale Gesellschaft in Europe. No 14 eyes or such crap.
@rudolf @datenteiler Our anti-censorship DNS server does not log any requests. Only when debugging it, the IT admin will see the occasional request. Sadly, our DoT setup requires debugging now and then.
If you are worried about the 14 eyes: We are, too. We demand the abolition of secret services.
Switzerland is not at all free from surveillance. Our friends from Digitale Gesellschaft Schweiz sent us this text a few years ago: https://digitalcourage.de/blog/2015/swiss-surveillance-full-monty
Christian posted that you don't log "normal users". On an international forum, this WILL lead to misunderstandings. So I challenged him a bit. He then accused me of putting down your service to promote DG. Both you and DG are doing good, so you both deserve to be promoted.
You should think about DoH, as it is a valuable tool in being safe. In places where using Tor or VPN is dangerous, DoH could go unrecognized.
Christian (@datenteiler) probably translated part of this sentence from our website that can indeed raise questions such as yours until you read the sentence that follows immediately behind it:
"Our server is located in an external data center in Germany and does not log normal user requests. However, erroneous requests are logged, which in most cases are made by attackers or broken software."
Our verdict on DoH is not final yet. We will keep thinking about it, but first we need to make DoT more stable. /c
About DoH. I have used DoH with Firefox (Android) for around one year. To see if it works. First with Mozilla/Cloudflare, then securedns, now DG. Sometimes, I need to retry. So what.
It would be better if you set up a frontend that does it 98% than none at all. There are not enough DoH servers. The really good part of DoH is if you switch servers often, then you are much more safe. Be a part of it.
@datenteiler @digitalcourage Unfortunately, ARM confirmed a bug in their router firmware. So I am forced to configure DNS over TLS and DNS over HTTPS in each and every machine and browser. I don't want to use an application. Do you know of operational tutorials to configure encrypted DNS in Linux, Windows, and browsers, where additionally needed?
@datenteiler @digitalcourage I learned from https://madaidans-insecurities.github.io/encrypted-dns.html now that DoT/DoH are not enough, because Server Name Indication and OCSP, necessary in certificate validation, transfer server names as well. IT, and privacy in particular, is like shaving the yak. 😖