by autoexec 1466 days ago
Public DNS servers have their place. 8.8.8.8 and 4.2.2.1 are pretty popular. DDoS attacks don't depend on DNS servers either so you can't solve the underlying problem by making them go away either.

I always thought it'd be great if the EFF ran a public DNS server. At least you could trust them not to use your requests to build a profile of your online activity or redirect you to ads.

2 comments

8.8.8.8 and 4.2.2.1 have strict rate-limits configured that make them uninteresting/unsuitable for reflection attacks. The real issue is misconfigured resolvers exposed to the internet, not intentionally-provided recursive resolvers.

If you'd like to have a private DNS server, it's fairly easy to set up your own recursor. (Just please don't expose it to the whole internet.)

> I always thought it'd be great if the EFF ran a public DNS server.

You could use the DNS server of the German non-profit "Digitalcourage": https://digitalcourage.de/support/zensurfreier-dns-server

They are taking a stance against censorship on the internet (and lots of other topics), so make sure to send them some money if you use the DNS. ;-)

Thanks! I hadn't heard of them, but they seem great. I generally recommend folks use pretty much anything but Google's or their ISP's DNS servers, but this looks to be a really good option.

One problem I've unfortunately run into with alternative DNS providers is that the "default" set of servers returned for content hosted by Akamai apparently has abysmal (not just slightly slower, but positively unusable during peak hours in the evening) peering with my ISP.

In theory EDNS Client Subnet (ECS) is supposed to work around this problem, but a) according to https://www.cdnplanet.com/blog/which-cdns-support-edns-clien... Akamai only supports this with Google and OpenDNS and b) alternative DNS providers might not support ECS anyway, whether explicitly for privacy reasons or otherwise…

Which means I'd basically have to set up a custom DNS resolver in order to special-case queries for Akamai domains…
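
Added example, not part of the thread: a sketch of what EDNS Client Subnet (RFC 7871) puts on the wire, which is why it helps CDN mapping and why privacy-minded resolvers leave it off. The function names and the sample address are constructed for illustration; the option layout follows the RFC.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8  # EDNS Client Subnet option (RFC 7871)
OPT_RR_TYPE = 41     # EDNS0 OPT pseudo-record (RFC 6891)

def build_ecs_option(client_ip, source_prefix):
    """ECS option a resolver would attach on behalf of this client."""
    addr = ipaddress.ip_address(client_ip)
    if not 0 <= source_prefix <= addr.max_prefixlen:
        raise ValueError("prefix length out of range")
    # Only the announced prefix goes on the wire; host bits are zeroed.
    net = ipaddress.ip_network(f"{addr}/{source_prefix}", strict=False)
    truncated = net.network_address.packed[:(source_prefix + 7) // 8]
    family = 1 if addr.version == 4 else 2
    body = struct.pack("!HBB", family, source_prefix, 0) + truncated
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def build_opt_rr(options, udp_size=1232):
    """Wrap EDNS options in the OPT record of the additional section."""
    # root name, TYPE=OPT, CLASS=UDP payload size, TTL=ext-rcode/version/flags
    header = struct.pack("!HHIH", OPT_RR_TYPE, udp_size, 0, len(options))
    return b"\x00" + header + options

def parse_ecs_from_opt(opt_rr):
    """Return (client_network, scope_prefix), or None if no ECS is present."""
    if len(opt_rr) < 11 or opt_rr[0] != 0:
        raise ValueError("not an OPT record")
    rr_type, _, _, rdlen = struct.unpack("!HHIH", opt_rr[1:11])
    if rr_type != OPT_RR_TYPE or 11 + rdlen != len(opt_rr):
        raise ValueError("malformed OPT record")
    rdata, pos = opt_rr[11:], 0
    while pos + 4 <= len(rdata):
        code, length = struct.unpack("!HH", rdata[pos:pos + 4])
        value = rdata[pos + 4:pos + 4 + length]
        pos += 4 + length
        if code != ECS_OPTION_CODE:
            continue
        if len(value) != length or length < 4:
            raise ValueError("truncated ECS option")
        family, source, scope = struct.unpack("!HBB", value[:4])
        if family not in (1, 2):
            raise ValueError("unknown address family")
        cls = ipaddress.IPv4Network if family == 1 else ipaddress.IPv6Network
        size = 4 if family == 1 else 16
        return cls((value[4:].ljust(size, b"\x00"), source)), scope
    return None

# Constructed sample: documentation address 203.0.113.77 announced as a /24.
SAMPLE_OPT = build_opt_rr(build_ecs_option("203.0.113.77", 24))
```

Running `parse_ecs_from_opt` over the OPT record of a captured query shows which client prefix, if any, a resolver forwards to the authoritative server.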