by kqr 3084 days ago
Or configure whatever caching DNS server you currently have installed on your LAN to do the same.

Oh, you don't have a DNS cache on your LAN? Strongly recommended for performance reasons, if not privacy as well. I don't remember what actual measurements I ended up with, but latency really hurts!

1 comments

An alternative:

I run dnscrypt-proxy locally, encrypting (TLS) all my DNS traffic between me and OpenDNS, also giving me the option for my system resolver to give NXDOMAIN for any names on a local blacklist.

It was remarkably easy to set up, just install the package.

  $ cat /etc/dnscrypt-proxy/blacklist
  fbcdn.net
  facebook.com
  google-analytics.com
  www.google-analytics.com

Good suggestion. I sandwich Dnsmasq between applications and dnscrypt-proxy[1] because the opennic anycast servers were too slow otherwise.

[1]: https://two-wrongs.com/secure-dns-on-a-laptop-with-debian.ht...