Add documentation about hardcoded fallback DNS server #102

Open
LoXan007 opened this issue Feb 16, 2020 · 2 comments

Comments

@LoXan007

Hi,
I've looked a little bit into your code and found out that the public DNS servers from Google are hardcoded into the library. I guess you know about the data collection by Google, and in my opinion the Google servers are the worst choice of all possible DNS servers (together with Cloudflare).

So i have one question and one request:

  1. Under which circumstances will the hardcoded DNS server be used? Is the Google DNS only a fallback for the case where the library cannot make a successful DNS query to the DNS server given by the network/router? Or will all DNS queries go over the Google DNS?

  2. Now my request: Can you please change the hardcoded DNS to a more privacy-friendly solution? For example to the DNS servers from Digitalcourage, UncensoredDNS or dns.watch. They don't log as far as I know and are located in the EU.

I would be really thankful if you could fulfill my request in the near future, or at least tell me under which circumstances the Google DNS server will be used so that I can avoid it.

@rtreffer
Collaborator

I remember when I added those. Besides opinions there is a very compelling reason for 8.8.8.8....

This library was originally started to overcome DNS limitations on Android - especially SRV records.
There was no official way to find the nameservers used by the OS - you had to rely on exec'ing commands or reflection.

This was not super reliable. At the same time the OS would use a fallback. You might guess what fallback Android used: 8.8.8.8.

So there you have it: using 8.8.8.8 minimizes the parties you disclose DNS names to. It was simply a copy of the OS fallback.

This can be disabled by users of this library. If you are concerned about this you should file a request with whoever uses this library. These DNS servers could even be blacklisted, which would disable sending anything to Google even if the OS is configured this way (e.g. via DHCP options).

It is used as the last option if the other discovered DNS servers fail and if MiniDNS does not act as an iterative client.

There is more to 8.8.8.8 though. It is an AnyCast address. So while it does disclose DNS names to Google it only discloses it to the minimum number of parties possible (DNS queries are trivial to intercept and monitor). You end up on an EU server, likely even in the same country.

An EU only option - while appealing - would cause high latency for people around the world. This is very problematic for a DNS library.

If you are concerned about DNS I would always recommend to do iterative queries. Don't rely on a third party for that. This library supports iterative mode.

I don't think the DNS servers you listed are good general purpose solutions. They are great and are the best option depending on the use case, but not for all / overall use cases. Users of this library should configure this library for their needs IMHO.

@Flowdalic
Collaborator

Thanks @LoXan007 for your feedback, thanks @rtreffer for this elaborate explanation, and sorry for the late response. I agree with everything Rene said. While this issue requires no code change, I think it would be sensible to put the information (i.e., most of what Rene wrote) into a MiniDNS FAQ (preferably as markdown in MiniDNS code repository).

  1. Under which circumstances will the hardcoded DNS server be used?

Only as fallback, as a means of last resort.

  2. Now my request: Can you please change the hardcoded DNS to a more privacy-friendly solution?

For the reasons Rene mentioned, I do not think this is sensible. But, in addition to what Rene already wrote, MiniDNS even allows you to set your own hardcoded DNS servers. Unfortunately, it is not as obvious as simply modifying STATIC_IPV4_DNS_SERVERS, but you can add your own DnsServerLookupMechanism which simply returns hardcoded addresses. If you then call setUseHardcodedDnsServers(false), you have configured your own fallback servers.

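Added example (not from the MiniDNS project or from either commenter) of the configuration Flowdalic describes above, which is also the per-user opt-out rtreffer refers to: a custom DnsServerLookupMechanism that returns operator-chosen resolver addresses, registered so that it is consulted last, combined with setUseHardcodedDnsServers(false) so that STATIC_IPV4_DNS_SERVERS is never used. Only DnsServerLookupMechanism, setUseHardcodedDnsServers and STATIC_IPV4_DNS_SERVERS are named on this page; the package names, AbstractDnsServerLookupMechanism, DnsClient.addDnsServerLookupMechanism, the priority ordering and the DnsQueryResult type are assumed from the MiniDNS 1.0 API and should be checked against the version in use. The resolver addresses are RFC 5737 documentation addresses used as constructed placeholders.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

import org.minidns.DnsClient;
import org.minidns.dnsqueryresult.DnsQueryResult;
import org.minidns.dnsserverlookup.AbstractDnsServerLookupMechanism;
import org.minidns.record.Record;

/**
 * Replace MiniDNS's built-in last-resort fallback (8.8.8.8 / 8.8.4.4) with
 * operator-chosen resolvers. Assumed API, not confirmed by the issue text:
 * AbstractDnsServerLookupMechanism, DnsClient.addDnsServerLookupMechanism,
 * DnsQueryResult.
 */
public final class PrivateFallbackExample {

    /** Lookup mechanism that only ever returns our own resolver addresses. */
    static final class PrivateFallback extends AbstractDnsServerLookupMechanism {

        // Constructed placeholders (RFC 5737 documentation addresses). Put the
        // resolvers you actually trust here.
        private static final List<String> SERVERS = Collections.unmodifiableList(
                Arrays.asList("192.0.2.53", "198.51.100.53"));

        PrivateFallback() {
            // Assumption: a larger priority value sorts later, so this mechanism is
            // consulted only after the OS/DHCP-provided servers have been tried,
            // mirroring how the built-in hardcoded list is used. Verify the ordering
            // against the MiniDNS version you ship.
            super(PrivateFallback.class.getSimpleName(), Integer.MAX_VALUE);
        }

        @Override
        public List<String> getDnsServerAddresses() {
            return SERVERS;
        }

        @Override
        public boolean isAvailable() {
            return true; // no platform dependency, always usable
        }
    }

    /** Build a client that never sends a query to STATIC_IPV4_DNS_SERVERS. */
    static DnsClient newClientWithPrivateFallback() {
        // Lookup mechanisms are registered process-wide, so do this once at startup.
        DnsClient.addDnsServerLookupMechanism(new PrivateFallback());

        DnsClient client = new DnsClient();
        // Disable the library's own hardcoded last resort; PrivateFallback now
        // plays that role.
        client.setUseHardcodedDnsServers(false);
        return client;
    }

    public static void main(String[] args) throws Exception {
        DnsClient client = newClientWithPrivateFallback();

        // Normal recursive query; the OS-provided servers are tried first and the
        // PrivateFallback addresses are used if they all fail.
        DnsQueryResult result = client.query("example.org", Record.TYPE.A);
        System.out.println(result.response.answerSection);

        // If you do not want to trust any third-party recursive resolver at all,
        // rtreffer's advice applies: use MiniDNS's iterative client instead
        // (assumed class: org.minidns.iterative.IterativeDnsClient).
    }
}
```

Before relying on this, confirm the opt-out empirically rather than by reading the code: run the client on a host with no OS resolvers configured (or with them unreachable) while capturing UDP/TCP port 53, and check that the only destinations are the addresses returned by PrivateFallback. Because lookup mechanisms are registered statically, any other DnsClient created in the same process after startup will also see the new mechanism.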
@Flowdalic Flowdalic changed the title Change the hardcoded DNS server to a more privacy friendly option Add documentation about hardcoded fallback DNS server Mar 5, 2020