/networking security/

Which DNS do you use?
Which router did you buy? Is there even a point to buying a router?
Best firewall on gnu/linux for a brainlet?

Attached: 361a1477-5e08-4b94-92a8-785446e9eae8.png (486x570, 52.42K)

Other urls found in this thread:

dnscrypt.info/
calomel.org/unbound_dns.html
twitter.com/NSFWRedditImage

I use 8.8.8.8
I bought an old router from my roommate and installed openwrt on it
I use the firewall included on openwrt

Also dobvious data mining thread is obvious but I'm curious about 8.8.8.8 instead of 2.2.2.2. I guess it makes sense to distribute my personal data among as many services as possible to prevent correlation, but DNS logs only provide the top level URLs I go to right?

One I run at home
pfSense box
You probably want firewalld

unbound using 8.8.8.8@853#dns.google
OpenBSD on a VM
brainlets shouldn't configure firewalls. nftables

I use Keweon DNS which claims to not log. It blocks trackers, malware, ads, and shit so I only use it for my phone since I can't afford a new phone with root access. It seems to be pretty open and trustworthy

None of this is relevant to actual network security.
Rule of thumb: You are fucked
There is no DNS, Webproxy, VPN, or Secure Network that will hide your ass from the NSA.

Yandex DNS best DNS. Glowfags gtfo)))))))

...

Local dnscrypt forwarded to OpenNIC dns server.
The one my ISP provided.
ufw

OpenNIC

TP-Link N750
Yes, because ISP routers are botnet and trash

firewalld

whats special about dnscrypt?

tp link in chinkware?

>dnscrypt.info/
inb4 dnscrypt actually refer to the communication protocol between dns client and dns resolver. Basically it encrypt your dns request. In my case I use dnscrypt because my third world shithole ISP always spoofing my dns request for blocking websites.

1. it works
2. in principle it's much more FOSS than DoT which Cloudflare and other companies are shilling. There's probably nothing wrong with DoT but support for it being so centralized means it's smoke and mirrors. See the Mozilla deal in hardcoding Cloudflare's DNS service into Firefox.

Am I the only one using unbound to host a cache server, that directly query from the root servers?
www. internic. net/domain/named.cache
I always feared using dnscrypt, or any other dns project. The DNS browsing informations are very important.
I don't trust any vpn provider for exemple...
Is that a shit way of doing things? Maybe a better way?

Recursive DNS queries to the actual root servers and all the way to authoritative servers are not encrypted (and probably never will be), meaning your ISP can see your shit.
Other than that, it's better to query DNS recursively, yes.

Unbound with DNSSEC. calomel.org/unbound_dns.html
There are plenty of other resolvers that don't make jewgle or kikeflare aware of every website you visit.

Depends

Attached: Screenshot_2019-06-26-20-31-52.png (1080x2160, 181.4K)

unbound on 127.0.0.1

ISP don't see shit since I'm behind a VPN. So my problem, is what is better between root servers, or openNIC servers.
Giving your dns infos to openNIC (or another project) or to root servers?

I've set up a DNS cache of 4 hours. Maybe I should turn it even more, maybe days (and if some server changes their ip, I just have to reload the unbound service). So I don't give much infos.

8.8.8.8
I'm all about Zig Forums.

i use my own dns server. i just update it from OpenNIC.
I just use the router my ISP gave me. it works well enough.
upw is the firewall for brainlets. opensnitch also not bad but not as good

I don't give a fuck. Whatever DHCP provides or what Tor provides.
You answered this for yourself.
Firewalls are a meme marketed to you from some retarded hax0r movie