[tombrossman]

After recently setting up Pi-hole on my Turris Omnia I had to choose between using Google's DNS (which supports DNSSEC) or sticking with OpenDNS (which does not...yet?), so I gave up using DNSSEC. The submitted IBM site is really slow to load but I did manage to grab a screenshot of the FAQ page[0] which confirms they do support it. And the privacy policy looks pretty good also[1].

I tried to archive the pages with archive.is but it did not appear to be loading for them either.

Hopefully the site comes back up soon but I have to say I expected to see yet another surveillance capitalism service and I was pleasantly surprised. I'll try it out for a week and see how it goes.

[0]https://screenshots.firefox.com/LiNdj97Ck3qaLXze/www.quad9.n... [1]https://screenshots.firefox.com/YEsWa5TwhGYQDZFZ/www.quad9.n...

[gca_dre]

Yup the team is working on this, sorry about the hiccups. :(

[armitron]

Why would you use Google/OpenDNS/whatever when you can use dnscrypt [1]?

[1] https://dnscrypt.org/

[detaro]

Which still requires you to pick a resolver you trust to send your (then encrypted) traffic to, and if the parent wants DNSSEC it still requires them to find one that supports that (DNSCrypt is not a replacement for DNSSEC)

The list of resolvers they have there it's not exactly obvious why I should trust any of those more? (and OpenDNS is on that list) https://dnscrypt.org/dnscrypt-resolvers.html

[tombrossman]

Could be wrong but it is my understanding that the Omnia either does not support it or it needs additional configuration, which I wasn't interested in performing. Since I was using Pi-hole anyway I stuck with that. Fair question though, not sure about the down-votes you've received.

Here's the Turris documentation on how it handles DNS: https://www.turris.cz/doc/en/howto/dns