1.1.1.1: Faster & Safer Internet

amish

Star gazer
Regulars
#3
I switched to 1.0.0.1 and 1.1.1.1 because it offers DNS encryption.

But I hardly used 8.8.8.8 earlier. I was using OpenDNS (which doesnt offer DNS encrytion)

I used 8.8.8.8 / 8.8.4.4 only when OpenDNS had any issue.
 


amish

Star gazer
Regulars
#5
There is no such thing as internal support in Linux because Linux is group of packages

If package is part of base group then you may call it internal.

In linux BIND name server support DNSSEC. But not DoT or DoH.

Firefox users can use DoH but it wont be system level.

However there are packages which can act as DoT or DoH proxy.
 

Sushubh

Administrator
#6
Was wondering if popular distro include support out of the box especially in gui. Like Ubuntu or Mint.
 


amish

Star gazer
Regulars
#8
Was wondering if popular distro include support out of the box especially in gui. Like Ubuntu or Mint.
Most distro have GUI to change nameserver. So you can install appropriate DNS resolver and change nameserver to 127.0.0.1

The problem is that not all resolvers support all methods. One supports DNSSEC but not DoT / DoH other supports DoT/DoH but not DNSSEC

Domain name resolution - ArchWiki

Once there is proper standard for DNS encryption, I believe most softwares will have out of box support.
 

Sushubh

Administrator
#10
also which package are you using for encrypted dns on your linux machine! my pi is permanently on VPS so i guess encrypted dns is not really required on that.
 

Sushubh

Administrator
#12
ah right. i have bind installed on the pi. used it for a while but dropped it later on. dot and doh are both encryptions as well right? or are they just considered secure lol?
 

amish

Star gazer
Regulars
#13
DoT and DoH are secure but not yet popular. For system level DoH - you must have DNS proxy (be it windows or Linux)

They are still upcoming standard and except few top DNS providers - most of the ISPs dont support them yet.
 

amish

Star gazer
Regulars
#15
Currently you can not bypass the ISP even with DoT or DoH.

Because they dont trace DNS queries but HTTP or certificate domain for HTTPS.

You need to wait for TLS 1.3 along with ESNI support - thats when ISPs wont be able to track you. (except knowing IP / Port you connected to)

TLS 1.3 supports encrypted certificate and Encrypted SNI. Its extension to under testing by Cloudflare. This will completely hide the domain you are connecting to.
 
#18
1.1.1.1: Faster & Safer Internet – Apps on Google Play

✌️✌️1.1.1.1 -- the world’s fastest and safest DNS resolver -- ✌️✌️

1.1.1.1, the privacy-first DNS resolver is now available on the go. No one should be able to snoop 🔍 on what you do on the Internet. We’ve created 1.1.1.1 so that you can connect to the Internet securely anytime, anywhere.


Greater privacy 🔒
By using a secure connection, 1.1.1.1 makes sure no one can snoop your DNS queries.
Some ISPs use DNS queries to sell your data. Cloudflare will never sell your data or use it to target ads. Period.

Fastest way to experience the Internet 🚀
1.1.1.1 makes the Internet faster by using Cloudflare’s global network.
On average, we are 28% faster than the next fastest public resolver.

Easy to use ✌️
One-touch setup to make your Internet more safe and private.
Install it today, get faster Internet, it’s that simple.

Best of all: No upsells, no in-app purchases, and free for life. Website owners pay us to make your Internet faster so you don’t have to.

 
Likes: anubhav11
#19
less colorful/flash than intra. does not support non-cloudflare dns. you can switch between DoT and DoH. and as usual... not really required if you are on android pie. and of course... you cannot run vpn along with this app.