NixNet
/
NixNet
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
NixNet/dns.md

3.6 KiB
Raw Blame History

layout title description subtitle permalink cover
page DNS Uncensored public DNS servers running on NixNet Uncensored public DNS servers /dns/ /assets/pages/dns.png

NOTE: Adblock with Pi-Hole is Coming Soon™

Preamble

Before going through and setting every device to use my DNS servers, I recommend you read sections 1 - 2 of a previous post so you actually understand what's happening and what you're doing. DNS is set up on the same servers as my Tor exits so, if you're in a country that actively blocks Tor, you could run into issues unless you use the Anycast IP/hostname.

IPs & Hostnames

For simplicity's sake, I recommend using the Anycast hostname as your primary, the location normally nearest to you as secondary, and a different provider for your tertiary DNS. With Anycast, you'll automatically use the server geographically nearest (the one with the lowest latency) and it will be secured with TLS. For more technical information on Anycast, click the link above. The second Anycast IP address is for plaintext DNS (not recommended); everything else is DNS-over-TLS. If you don't know what those are, the next section explains a bit more.

Anycast

  • uncensored.any.dns.nixnet.xyz
  • 198.251.90.114:853 (DoT)
  • 198.251.90.114 (plaintext)

Las Vegas

  • uncensored.lv1.dns.nixnet.xyz
  • 209.141.34.95:853 (DoT)

New York

  • uncensored.ny1.dns.nixnet.xyz
  • 199.195.251.84:853 (DoT)

Luxembourg

  • uncensored.lux1.dns.nixnet.xyz
  • 104.244.78.231:853 (DoT)

After setting them, you can test your connection with ipleak.net. If you have JavaScript enabled, the line below will tell you which server you'll connect to with Anycast at the moment. If you travel a lot, that server will change depending on your location.

This element requires JavaScript to be enabled

* Please note that your DNS-over-TLS client must support SNI (Server Name Indication).

Recommendations

I recommend setting fallbacks with other providers (such as Lelux.fi's) in case mine are down for some reason. Redundancy is always a good thing. A friend of mine has a page with a list of DNS resolvers on it that you can peruse as well. I highly recommend DNS-over-TLS (DoT). Plaintext is . . . well . . . plaintext; anyone can snoop on your traffic. DoT is end-to-end encrypted so no one but you and the DNS server can see your queries. DNS-over-HTTPS (DoH) is just as secure but it's supported by far fewer devices and applications. It's also more difficult to set up 😅

The best thing to do, in my opinion, is set your DNS at the OS level with Stubby or Unbound, for example, and not at the application level i.e. with Firefox's DoH implementation. For more information about configuring custom DNS servers on various devices, read the related blog post.

Until I get adblocking DNS set up, take a look at my post on blocking ads locally. There are solutions for most™ devices and none of the guides are particularly difficult to implement.