modify some dns information

Amolith 2019-08-27 23:52:04 -04:00
parent fb20901db4
commit 7db811a1d1
Signed by: Amolith
GPG Key ID: 51FD40936DB0065B
3 changed files with 15 additions and 7 deletions


@ -21,12 +21,10 @@ For general browsing, I recommend [uBlock Origin](https://addons.mozilla.org/en-
Same as with Firefox, I recommend [uBlock Origin](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm) and [uMatrix](https://chrome.google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf) together. Check the bottom for my [configuration](#ublock-origin-configuration) recommendations!
## Safari
Again, I recommend Firefox. If you're stuck on Safari, however, [uBlock Origin](https://safari-extensions.apple.com/details/?id=com.el1t.uBlock-3NU33NW2M3) is available as an extension there as well. There's some general information about who develops it on the main [GitHub repo](https://github.com/gorhill/uBlock#safari-macos). For instructions on installing it, read the related [wiki page](https://github.com/el1t/uBlock-Safari/wiki/Installation-and-Updates). If you do use it over Better (below), check the last section for my uBO [configuration](#ublock-origin-configuration) recommendations.
Again, I recommend Firefox. If you're stuck on Safari, however, [uBlock Origin](https://safari-extensions.apple.com/details/?id=com.el1t.uBlock-3NU33NW2M3) is available as a desktop extension there as well. There's some general information about who develops it on the main [GitHub repo](https://github.com/gorhill/uBlock#safari-macos). For instructions on installing it, read the related [wiki page](https://github.com/el1t/uBlock-Safari/wiki/Installation-and-Updates). If you do use it over Better (below), check the last section for my uBO [configuration](#ublock-origin-configuration) recommendations.
You can also use [Better](https://better.fyi/) from [Aral Balkan](https://mastodon.ar.al/@aral). This is probably the . . . *Better* 😏 choice as Safari is known to disable uBlock Origin because it's "too heavy". I don't use macOS or iOS so I don't have any personal experience. I got some suggestions from other people, went through them, and chose two of the better ones.
A close friend of mine is currently testing [AdGuard](https://apps.apple.com/app/apple-store/id1047223162), a free adblocker. I'll update this once she reaches a verdict.
# Mobile
Phones are typically more limited than desktops so blocking ads here is a bit more difficult. In the past, the Firefox Android app had support for extensions but, starting with version 70, that will be no more. Other than that, the only decent way is to use VPN or DNS techniques. I prefer Android but I know iOS is also popular so I tried to find some solutions for it as well.
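Review bot: the Safari paragraph still ends with "If you do use it over Better (below)", while this hunk shrinks from 12 lines to 10 and the rendered view does not show which lines were dropped. If the Better paragraph is among the removed lines, that cross-reference dangles and should be reworded. The new "desktop extension" wording would also read more clearly with a pointer to the Mobile section for Safari users on iOS.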
@ -54,3 +52,5 @@ A close friend of mine is currently testing [AdGuard](https://apps.apple.com/app
In my opinion, uBO is one of the most powerful adblocking tools there is. It has sane defaults for the new user, the settings are easy to understand nad navigate through, and there are many advanced features for people who know what they're doing. **Protip:** if there's an add on a page that you don't want to see, click the extension icon, then the <i class="fa fa-eyedropper"></i> icon, then find the element you want removed, click it, then click `Create`. That will hide the element in the future 👍
Personally, I recommend enabling the majority of the filter lists. I have all the Built-in lists enabled, Ads, Privacy, Malware domains, Annoyances, and Multipurpose. I've also added my own [hosts file](/hosts.txt) (generated with [`hblock`](https://github.com/hectorm/hblock)) in the custom section. Other than enabling additional lists, my setup is the same as default!
I also recommend taking a look at a friend of mine's [uBO Recommendations](https://theel0ja.info/ubo-recommendations/).
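Review bot: the commit message says "modify some dns information", but the uBO recommendations link at the end of this hunk is an adblocking change; it would be easier to trace in its own commit or with the message widened to cover it. While this section is being touched, the context paragraph above has "nad navigate" and "there's an add on a page" (for "and" and "ad"), which could be fixed in the same pass.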

14
dns.md

@ -10,31 +10,36 @@ cover: /assets/pages/dns.png
Before going through and setting every device to use my DNS servers, I recommend you read sections 1 - 2 of a [previous post](/blog/dns-and-root-certificates-what-you-need-to-know/#1-what-is-dns-and-why-does-it-concern-you) so you actually understand what's happening and what you're doing. DNS is set up on the same servers as my [Tor exits](/tor-nodes/) so, if you're in a country that actively blocks Tor, you could run into issues unless you use the Anycast IP/hostname.
# Features
* Uncensored (the backend is [Unbound](https://en.wikipedia.org/wiki/Unbound_(DNS_server)))
* No logging (see [Privacy Policy](/privacy))
* [Anycast](https://en.wikipedia.org/wiki/Anycast)
* [DNS-over-TLS](https://en.wikipedia.org/wiki/DNS_over_TLS)
* [QNAME minimisation](https://tools.ietf.org/html/rfc7816)
* [DNSSEC validation](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en)
* No logs (see [Privacy Policy](/privacy))
* Optional adblock w/ [Pi-Hole](https://pi-hole.net/) coming soon&trade;
* Optional adblock w/ [Pi-Hole](https://pi-hole.net/) using my [hosts.txt](/hosts.txt)
# IPs & Hostnames
For simplicity's sake, I recommend using the [Anycast](https://en.wikipedia.org/wiki/Anycast) hostname as your primary, the location normally nearest to you as secondary, and a different provider for your tertiary DNS. With Anycast, you'll automatically use the server geographically nearest (the one with the lowest latency) and it will be secured with TLS. For more technical information on Anycast, click the link above. The second Anycast IP address is for plaintext DNS (**not recommended**); everything else is DNS-over-TLS. If you don't know what those are, the next section explains a bit more.
Anycast
* `uncensored.any.dns.nixnet.xyz`
* `adblock.any.dns.nixnet.xyz`
* `198.251.90.114:853` **(DoT)**
* `198.251.90.114` **(plaintext)**
Las Vegas
* `uncensored.lv1.dns.nixnet.xyz`
* `adblock.lv1.dns.nixnet.xyz`
* `209.141.34.95:853` **(DoT)**
New York
* `uncensored.ny1.dns.nixnet.xyz`
* `adblock.ny1.dns.nixnet.xyz`
* `199.195.251.84:853` **(DoT)**
Luxembourg
* `uncensored.lux1.dns.nixnet.xyz`
* `adblock.lux1.dns.nixnet.xyz`
* `104.244.78.231:853` **(DoT)**
After setting them, you can test your connection with [ipleak.net](https://ipleak.net). If you have JavaScript enabled, the line below will tell you which server you'll connect to with Anycast at the moment. If you travel a lot, that server will change depending on your location.
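Review bot: each location now lists an `uncensored.*` and an `adblock.*` hostname but still a single `IP:853` entry, and nothing says which profile a client gets when it is configured by IP alone or through the plaintext `198.251.90.114` entry. State how the two profiles are told apart and which one the bare IPs serve, so that nobody ends up on the filtered resolver (or the unfiltered one) without knowing it. The intro sentence recommending "the Anycast hostname as your primary" should also say which of the two Anycast hostnames is meant.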
@ -48,7 +53,10 @@ I recommend setting fallbacks with other providers (such as [Lelux.fi's](https:/
The best thing to do, in my opinion, is set your DNS at the OS level with [Stubby](https://wiki.archlinux.org/index.php/Stubby) or [Unbound](https://wiki.archlinux.org/index.php/Unbound), for example, and not at the application level i.e. with Firefox's DoH implementation. For more information about configuring custom DNS servers on various devices, read the related [blog post](/blog/setting-dns-on-mobile-and-desktop/).
Until I get adblocking DNS set up, take a look at my post on blocking ads [locally](/blog/blocking-ads-on-mobile-and-desktop/). There are solutions for most&trade; devices and none of the guides are *particularly* difficult to implement.
If you don't want to use DNS for blocking ads, take a look at my post on doing it [locally](/blog/blocking-ads-on-mobile-and-desktop/). There are solutions for most&trade; devices and none of the guides are *particularly* difficult to implement.
# "Source"
All the software running the backend is open source so the configs are really the only unique parts about my setup. They can be found at [NixNet/dns](https://git.nixnet.xyz/NixNet/dns) on my Gitea instance. If you have any questions, simply [contact me](/contact) somewhere!
<script>
fetch("https://check.any.dns.nixnet.xyz/check")
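Review bot: the new "Source" section says the configs are the only unique part of the setup, yet the feature list in this commit ties the adblock resolvers to Pi-Hole and `hosts.txt`; say whether the Pi-Hole configuration and the blocklist generation are in NixNet/dns as well, so readers can check what the `adblock.*` hostnames filter. In the context line above, "i.e. with Firefox's DoH implementation" reads as an example, so "e.g." fits better.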


@ -45,7 +45,7 @@ To elaborate on Unbound's verbosity, if you have it installed, you can run `man
There's no warranty, no uptime assurance, etc. so I recommend using multiple [resolvers](https://wiki.lelux.fi/dns/resolvers); that also improves privacy because the DNS queries are spread across multiple providers
# Exceptions
I do live in the US; I have two servers here, one in Germany, and another in Luxmebourg. If, for whatever reason, I'm compelled by law enforcement to give up your email, IP address, or any other information, I will. *I don't want to*. As such, I do whatever I can to make sure *I don't have that information*. If I don't have it, I can't share it.
I do live in the US; I have two servers here, one in Germany, and another in Luxembourg. If, for whatever reason, I'm compelled by law enforcement to give up your email, IP address, or any other information, I will. *I don't want to*. As such, I do whatever I can to make sure *I don't have that information*. If I don't have it, I can't share it.
# Recommendations
To mitigate invasions of privacy like this, use a throwaway email address for registration, such as one from [anonbox](https://anonbox.net/) if you want a temporary address or [cock.li](https://cock.li/) for something a bit more permanent, provide a [fake name](https://fakena.me/fake-name/), and use the service from behind [Tor](https://www.torproject.org/) or a VPN. Rather than a VPN, however, I *strongly* recommend using Tor across all devices. They have an [Android version](https://www.torproject.org/download/#android) now and there's another browser for iOS that they recommend called [Onion Browser](https://apps.apple.com/us/app/onion-browser/id519296448). I don't use iOS so I can't say whether or not it's any good, just that the Tor Project recommends it below the Android section.
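Review bot: the spelling fix is right, but the corrected sentence lists servers in the US, Germany and Luxembourg, while the DNS page changed in this commit names Las Vegas, New York and Luxembourg only. Since this section is about what can be compelled in which jurisdiction, say which services run on the German server. The context line ending "spread across multiple providers" is also missing its full stop.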