Future change to the default stubby servers #286
Comments
|
I understand why you are doing this but would like to say that I've been a happy user of this reliable service for several years and am disappointed to discover that I'll have to find someone else to trust. I am also very grateful, many thanks Sara and co. |
|
@inudge Thanks - we are sorry to have to discontinue that service but hopefully we can decide on a suitable alternative. |
|
AdGuard with DoQ would be nice to have as an option. |
|
Quad9 is not looking good to privacy oriented users not functionality wise but due to their logging policy which includes |
|
Option 1 looks good to me [Retaining just the getdnsapi.net server as the default and more strongly encouraging users to make their own decision} |
|
@morton-f Thanks very much for the feedback. If you compare Quad9 to the other open resolver options that provide anycast then its privacy policy is good, and they have recently moved their HQ to Switzerland so they are no longer under US law. All those organisations minimally log such data for a short period, but not IP addresses. The downside of retaining just the getdnsapi.net server is robustness - it becomes a single point of failure for users that don't change their settings. |
|
Thank you for the useful link to the Comparison of policy and privacy statements page. |
|
@morton-f Thanks for the corrected links - I've updated the relevant pages on dnsprivacy.org! |
|
Can we have the getdnsapi.net server to listen on port 443 as well then? Because currently only the sinodun ones do from the default list. I know they are other options (and I do use them), but a default server available on 443 would be nice too. |
|
@ArchangeGabriel thanks for the comment, it is a good point. |
|
Four uncited no-USA DNS options that I believe deserve to be considered or at least mentioned in this thread. LibreDNS. Non-profit collective, supported by donations and volunteering, with no interest in trading personal information. OpenNIC DNS non-profit and volunteer network, with additionally alternative no-ICANN domains. At the moment the network is made up of just over twenty independent servers, three of which provide DoT. Tenta. A service of the antivirus company Avast. It supports ICANN and also OpenNIC. NextDNS. Company 100% funded, owned and controlled by its founders. It is know for its customizable block lists. |
|
Additional uncited no-USA DNS server alternative that I believe deserve to be considered: |
|
Closing this as update to resolvers made in 0.4.1 release |
The existing dnsovertls*.sinodun.com servers were only expected to be used on a short-term proof of concept basis and so those servers will need to be retired later this year. The 0.4.0 release of stubby will make no change to the default server list, but will announce the intention to change it in the 0.5.0 release.
The existing default servers are all unicast and all based in Europe. Since many anycast public DoT resolvers with good privacy polices are now available, the getdns/stubby developers are discussing options for the future content of the default servers. That includes:
Retaining just the getdnsapi.net server as the default and more strongly encouraging users to make their own decision about what servers to use
Switching to just use a public resolver
There are several candidates for a public resolver but two under consideration are:
dns-unfiltered.adguard.com). This is an anycast service, with strong privacy policy.If users have comments or experience of these or other resolvers, please add them to this issue.
The text was updated successfully, but these errors were encountered: