by walrus01 2939 days ago
As an ISP, I'm skeptical of the motivations of big CDNs and Google in general, but it's becoming an IETF standard. I run recursive resolvers for clients numbering in the hundreds of thousands, with an ACL that allows only our ARIN IP blocks to query them.

It is not hard to put a DNS-over-HTTPS frontend in place for my clients which pulls queries from my own trusted bind9 servers.

Any ISP with a clue can do the same.

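Added example, not code from the comment above or from BIND: the core of the kind of DNS-over-HTTPS frontend the commenter describes, in Python. It accepts RFC 8484 requests (GET with a base64url `dns=` parameter, or POST with `application/dns-message`), checks the client against an ACL, forwards the wire-format query over UDP to an upstream resolver with a fresh transaction ID, and hands the answer back with the client's original ID restored. Everything concrete here is an assumption for the sake of running offline: the ACL uses RFC 5737 documentation ranges, and `start_fake_upstream()` is a constructed stand-in for the operator's trusted resolver that answers every query with `203.0.113.7`. TLS and HTTP framing are left to whatever server `handle_doh()` is mounted in.

```python
"""RFC 8484 DNS-over-HTTPS front-end logic in front of a trusted recursive resolver (added example)."""
import base64
import ipaddress
import os
import socket
import struct
import threading
import urllib.parse

# Hypothetical client ACL for the front-end (RFC 5737 documentation ranges, constructed).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("198.51.100.0/24")]

def client_allowed(client_ip, nets=ALLOWED_NETS):
    return any(ipaddress.ip_address(client_ip) in n for n in nets)

def build_query(name, qtype=1, txid=0):
    """Wire-format DNS query. RFC 8484 recommends ID 0 from DoH clients for HTTP cacheability."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def encode_dns_param(msg):
    """GET form: base64url without '=' padding (RFC 8484 section 6)."""
    return base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")

def decode_dns_param(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _skip_name(msg, off):
    """Advance past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return addrs

def forward_udp(msg, upstream, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, upstream)
        return s.recvfrom(4096)[0]

def handle_doh(method, query_string, body, content_type, client_ip, upstream):
    """One DoH request -> (status, content_type, body). TLS/HTTP framing belong to the server."""
    if not client_allowed(client_ip):
        return 403, "text/plain", b"client not in ACL\n"
    if method == "GET":
        try:
            wire = decode_dns_param(urllib.parse.parse_qs(query_string)["dns"][0])
        except (KeyError, ValueError):
            return 400, "text/plain", b"missing or malformed dns parameter\n"
    elif method == "POST" and content_type == "application/dns-message":
        wire = body
    else:
        return 415, "text/plain", b"expect GET ?dns= or POST application/dns-message\n"
    if len(wire) < 12:
        return 400, "text/plain", b"truncated DNS message\n"
    # Fresh transaction ID toward the upstream; restore the client's ID on the way back.
    uid = os.urandom(2)
    resp = forward_udp(uid + wire[2:], upstream)
    if resp[:2] != uid:
        return 502, "text/plain", b"upstream ID mismatch\n"
    return 200, "application/dns-message", wire[:2] + resp[2:]

def start_fake_upstream(answer_ip="203.0.113.7"):
    """Constructed stand-in for the trusted resolver: answers every query with one A record."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))

    def serve():
        while True:
            data, peer = sock.recvfrom(512)
            question = data[12:_skip_name(data, 12) + 4]
            hdr = data[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)  # QR RD RA, 1 Q, 1 AN
            rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + ipaddress.IPv4Address(answer_ip).packed
            sock.sendto(hdr + question + rr, peer)

    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname()
```

Usage: `up = start_fake_upstream()`, then `handle_doh("GET", "dns=" + encode_dns_param(build_query("example.com")), b"", None, "192.0.2.10", up)` returns a 200 whose body `parse_a_records()` decodes to `["203.0.113.7"]`; the same call from an address outside `ALLOWED_NETS` gets a 403 before anything reaches the upstream. In a real deployment the upstream address would be the operator's own resolvers, which stay behind their existing ACL because only the frontend talks to them.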

For people who know how, why not just run this stuff locally? Set up your own recursive resolver on an OpenWrt router? Or maybe in a hosted VM close to where you live?

I know Google and CF claim they don't track this DNS information, but why even use them when you can run your own. Keep in mind CF did have a software bug that spewed SSL traffic and passwords all over the Internet[1], and they took down a website once because their CEO didn't like it[2].

[1] https://blog.cloudflare.com/incident-report-on-memory-leak-c...

[2] https://fightthefuture.org/article/the-new-era-of-corporate-...

When you simply run a packaged router at home that doesn't have the ability to do its own resolver, you have to host it somewhere, but since DNS can't do authentication, it's hard to keep it private.

I'd like to know a way to host your own resolver but keep it private even when you're on mobile IP.

What's your ISP's web address?

I share some controversial opinions on here semi-anonymously and wouldn't want my personal positions on certain topics to be confused with an official position held by the companies I contract for. I can say that it's not a huge one; it's a mid-sized regional ISP.

Oh! I thought you were the CEO of an ISP. I'm curious about starting my own someday, so I take notes of smaller operations as inspiration.