this post was submitted on 13 Jun 2023
5 points (100.0% liked)

Technology

37716 readers
372 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

this a bad idea?

you are viewing a single comment's thread
view the rest of the comments
[–] Saik0Shinigami@lemmy.saik0.com 5 points 1 year ago (2 children)

No one can feasibly run their own DNS server at home. Those requests ultimately have to go somewhere.

Recursive DNS servers will contact root DNS servers. You CAN run a recursive DNS at home quite easily. The only downfall is that root DNS typically doesn't support any of the encrypted DNS options.

[–] ubergeek77@lemmy.ubergeek77.chat 3 points 1 year ago* (last edited 1 year ago)

Right, and I would prefer to not accidentally make my home DNS server vulnerable to zone transfer attacks, and have all that traffic leave my home unencrypted regardless. This can be done, but the risks and overhead outweigh the benefits.

For my threat model (and probably most everyone's), using Cloudflare's encrypted DNS is good enough for me.

[–] preciouspupp@sopuli.xyz 1 points 1 year ago

I just use the DNS proxy on my Mikrotik. If you communicate with the root DNS servers in plain text, then it can be just sniffed too. Hard to win here as to have to trust something at one point.