[HN Gopher] Dns.Watch: Public DNS Servers
___________________________________________________________________
Dns.Watch: Public DNS Servers
Author : brobdingnagians
Score : 89 points
Date : 2021-01-15 16:02 UTC (6 hours ago)
(HTM) web link (dns.watch)
(TXT) w3m dump (dns.watch)
| ed25519FUUU wrote:
| This reminds me a little of Parler, where many (most?) persona
| non grata conservatives were gathered before the service was
| wiped off the web in one night.
|
| Even an "uncensored" and freedom-touting service is very
| vulnerable if it becomes too popular. Decentralization is best,
| diversification is better.
| joshxyz wrote:
| Is 1.1.1.1 censored in any way?
| Ayesh wrote:
| No. They have 1.1.1.1 for families, that they block certain
| sites.
| Triv888 wrote:
| not censored but they block sites?
| jshier wrote:
| 1.1.1.1 is just their product name. 1.1.1.1 for Families
| actually uses 1.1.1.2, and it filters things. 1.1.1.1 the
| actual resolver does not.
| evgen wrote:
| 1.1.1.1 is not censored.
|
| There are other variant resolvers run by Cloudflare that
| trade on the 1.1.1.1 'brand' but which are filtered for
| kids. These resolvers run on 1.1.1.2 and 1.1.1.3 for
| different levels of filtering.
| jcims wrote:
| I would argue that 'is' or 'is not' censored isn't a
| useful distinction. The question I would have is what
| circumstances could compel the provider to de-list/censor
| the addresses, or their service-providers/supply-chain to
| drop support for them.
|
| The hierarchical nature of the present Internet DNS
| infrastructure is fundamentally vulnerable to
| 'censorship'.
| circularfoyers wrote:
| 1.1.1.1 doesn't block anything, but they have 1.1.1.2 that
| blocks malware and 1.1.1.3 that blocks malware and adult
| content.
| benbristow wrote:
| archive.is (and other domains for the same thing) don't seem to
| resolve on 1.1.1.1.
|
| https://news.ycombinator.com/item?id=19828317
|
| Don't think it's censored as per-se (there's an answer on the
| link above) but it doesn't work.
| indigodaddy wrote:
| Recently (last few weeks?) archive.md/today et al started
| working for me over 1.1.1.1
| encom wrote:
| Not yet, but it's CloudFlare who doesn't exactly have a stellar
| record when it comes to censorship.
| gowthamgts12 wrote:
| As others mentioned, no idea who runs this and also DNS queries
| are slower from Chennai, India. I'm getting 400ms and it's much
| higher than others (30ms for google dns and 50ms for cloudflare)
|
| I think it's located on Germany and will be faster for people in
| EU region.
| JosephRedfern wrote:
| About 28ms here (UK).
| darkwater wrote:
| Indeed. I get 40-50ms from Europe (not Germany).
| umvi wrote:
| One of their stated goals is "DNS Neutrality" - has the domain of
| a legal (but unpopular) website (such as a neonazi blog, etc)
| ever been knocked offline from a DNS standpoint by activist
| private corps? Or is this a preventive measure?
| MrCandyCane wrote:
| While I am no prude the 'No Bullshit' right there in big letters
| while appealing to a certain demographic isn't especially
| 'professional looking'. Also I am not sure what the 'No BS' is
| supposed to be saying apart from being provocative - which I
| don't really look for in a DNS provider. Or as my Grandpa would
| say .. "Grow up".
| f311a wrote:
| DNS data worth a lot nowadays. I would not trust this site.
| heipei wrote:
| Every piece of user-generated data nowadays has value, DNS
| services are no exception. You can turn the data right back
| around and sell a Passive-DNS datafeed...
| jyap wrote:
| I'd downvote this if I could. Not much details on this. People
| just blindly upvoting this to #1 with no research? Also a
| possible security risk/attack on HN users.
| hundchenkatze wrote:
| I can't fully speak to their credibility, but I doubt it's an
| attack on HN users. I've heard of them outside of HN. If it is
| an attack on HN users specifically, then they're playing the
| long con. The first post to HN was 6.5 years ago.
|
| https://news.ycombinator.com/from?site=dns.watch
|
| Previous discussion:
| https://news.ycombinator.com/item?id=8060156
| heipei wrote:
| LOL, run from Germany, no Impressum (imprint), clearly designed
| for commercial gain, clearly collecting PII and possibly
| reselling it, accepts donation via BTC, this is triggering so
| many privacy and legal red flags I don't even know where to
| start.
| skrause wrote:
| It also has static query "statistics" at the bottom which
| suggest heavy use, which are most likely made up and haven't
| been updated since 2016:
| https://web.archive.org/web/20160328163252/https://dns.watch...
| bovermyer wrote:
| Due diligence: who runs this and why should I trust them?
| LinuxBender wrote:
| Hosted at diva-e datacenters GmbH [1] Netblock registration [2]
| and the domain uses privacy protection for whois under GoDaddy.
| [3]
|
| [1] - https://bgp.he.net/ip/84.200.69.80
|
| [2] - https://bgp.he.net/ip/84.200.69.80#_whois
|
| [3] - https://bgp.he.net/dns/dns.watch#_whois
| pul wrote:
| And the site is hosted on Digital Ocean:
| https://www.nslookup.io/dns-records/dns.watch
| monkaiju wrote:
| Sorry how did you determine they're running on DO? I only
| see ns30.dns4pro.com. like records under NS
| LinuxBender wrote:
| They did a forward lookup of dns.watch then looked up the
| IP. [1]
|
| [1] - https://bgp.he.net/ip/46.101.124.30
| ju-st wrote:
| Look at the sponsors page
| dewey wrote:
| The one that's empty?
| foolmeonce wrote:
| And if for example companies now donate, does that now make
| it trustable?
|
| Quad9 seems to be a valid 501 org, there must be an
| equivalent in germany?
| ju-st wrote:
| Below the BTC address is a link to a blog which is actually
| the personal page of somebody who claims in "projects" that
| dns.watch is his project.
| dewey wrote:
| Indeed, that also matches with the name on the AS
| ("formerly Ideal-Hosting UG"). Risky to run something
| without imprint in Germany.
| XzetaU8 wrote:
| initially behind this project was a hosting company called
| Ideal-Hosting UG (haftungsbeschrankt) which then changed its
| name to IAMONSYS GmbH, and in 2018 ceased to operate.
|
| https://lists.dns-oarc.net/pipermail/dns-operations/2014-Aug...
|
| https://web.archive.org/web/20181229211752/https://iamonsys....
|
| https://german-hoeffner.net/about/projects
| SecurityLagoon wrote:
| Agreed. Pointing your DNS at an untrusted provider is asking
| for your connections to be hijacked.
| [deleted]
| williesleg wrote:
| Oh that's a great idea I'm gonna point everything there! Thank
| you!
| Ericson2314 wrote:
| I used to use this for a bit, but I noticed a bunch of random
| things were missing, like llvm.org. How weird!
| rasengan wrote:
| You could also try running your own Handshake [1] node or SPV
| revolver [2] for uncensored DNS results.
|
| [1] https://handshake.org
|
| [2] https://GitHub.com/handshake-org/hnsd
| WarOnPrivacy wrote:
| Disappointed I can't watch DNS servers IRT. Or learn what that
| might look like.
| qwertox wrote:
| Yeah, I also was disappointed because of this.
| leipert wrote:
| As others point out, the link above seems sketchy and you
| shouldn't use it.
|
| Which DNS servers do you use / trust and why?
|
| For me it is:
|
| - DNS from digitalcourage (non-profit fighting for all kind of
| digital rights): https://digitalcourage.de/support/zensurfreier-
| dns-server
|
| - DNS from dismail (https://dismail.de/), potentially should
| double check my trust
|
| - LibreDNS: https://libredns.gr/ (a colleague of mine is on the
| team and they run their stuff open source)
| overcast wrote:
| Considering that it's literally called DNS "Watch". Pass.
| rubyist5eva wrote:
| NextDNS.io is all you need.
| Nux wrote:
| 127.0.0.1 is all you need.
| Hitton wrote:
| At first glance it looks great but at second it seems kinda
| sketchy. I see no info on which organization is running it and
| why should they be trusted. And even though it boasts about "no
| censorship", they write the "service provided ... from Germany" -
| Germany isn't known for being bastion of free speech[1][2].
|
| [1]: https://nymag.com/intelligencer/2016/04/germany-to-
| prosecute...
|
| [2]: https://www.washingtonpost.com/world/europe/germany-
| springs-...
| dewey wrote:
| Also the only information you can find out about them is some
| NOC listed on https://dns.watch/why:
| https://stat.ripe.net/AS61957#tabId=at-a-glance which just
| seems to be some dutch hoster.
| skrause wrote:
| It's funny that your first example for Germany's lack free
| speech is a case that was dropped after public outcry which and
| ultimately lead to the abolishment of an outdated 19th century
| penal code:
| https://en.wikipedia.org/wiki/B%C3%B6hmermann_affair
| Hitton wrote:
| I think that need of public outcry to stop such ludicrous
| infringement of freedom of expression is enough to show where
| Germany stands.
| carstenhag wrote:
| Wow, not sure where to begin. Of course it was legal. Of
| course it is protected by "freedom of speech" or in this
| case more likely by "freedom of art". But then Erdogan's
| lawyers found out there's an old German law about insulting
| other countries' state heads.
|
| To make it clear: Insulting is not freedom of speach in
| Germany. So it does make sense that it had to be checked
| whether it was an insult of a state head or not.
|
| It ended with removing that law because it's stupid.
| s_dev wrote:
| >Germany isn't known for being bastion of free speech[1][2].
|
| Germany isn't known for free speech but does have some of the
| strictest privacy laws in the world.
|
| https://en.wikipedia.org/wiki/Bundesdatenschutzgesetz
| qwertox wrote:
| But it only attempts to protect you from companies. If the
| government believes a domain to be an illegal resource, it
| has all the necessary legal tools available to force them to
| censor it.
|
| Edit: Also, since it is hosted in Germany, or at least
| offered as a German product, it should be required to contain
| an Imprint (Impressum), which this site doesn't have. I agree
| with this being a pretty sketchy service.
| leifg wrote:
| Oh really? Which laws/legal tools/precedences are you
| referring to?
| qwertox wrote:
| SS 100a StPO (Telekommunikationsuberwachung), probably SS
| 100b StPO (Online-Durchsuchung) as well.
|
| An interesting thing is that lately authorities not only
| request logging of IP addresses, but also the port which
| initiated the connection.
|
| For some time I thought that this was ridiculous, but
| then it turns out that if you use a VPN or a DS-Lite-
| Gateway, the port will allow you to be identified.
|
| Edit: I'm using this edit as a reply to the follow-up
| question, since I can't reply to it directly. While you
| are right that a specific domain can't be censored, the
| provider can be instructed to log requests for that
| domain name and provide the timestamp/IP/port to the
| authorities, as well as answer to the client with
| modified data.
| leifg wrote:
| again, where does it say anything about censorship in any
| of these laws?
| stonesweep wrote:
| Took me all of 2 minutes to Google.
|
| https://dejure.org/gesetze/TMG/5.html
|
| https://translate.google.com/translate?sl=auto&tl=en&u=ht
| tps...
| leifg wrote:
| Where does it say anything in there about censoring a
| domain?
| stonesweep wrote:
| I was replying to the (Edit) by GP (to me) about the
| Impressum, it appears you were addressing the censorship
| preceding sentence. I read your reply as a challenge to
| the second (Edit) statement due to it's passive-
| aggressive nature and non-specific target subject. You
| simply said "show me some laws", so I did and here we
| are.
| leifg wrote:
| Fair enough, didn't connect the edit to your comment.
| carstenhag wrote:
| Free speech does not mean tolerating insults, inciting for
| violence, inciting for terrorism and other very bad things.
|
| Germany does have good freedom of speech laws, but you can't do
| anything you want.
| PeterStuer wrote:
| It says "Served from Germany", but the IP block is owned by
| Proximus Group, Belgium's largest majority state owned telecoms
| operator.
| jgrahamc wrote:
| Does this support DNS-over-HTTPS or DNS-over-TLS?
| WarOnPrivacy wrote:
| This is the closest thing I can find to an updated list of DoT
| servers. https://kb.adguard.com/en/general/dns-providers
|
| There's no reference to DoT in DNS Watch's entry.
|
| note: An updated list would contain OSZX's 51.38.83.141
| circularfoyers wrote:
| The DNS servers used in DNSCrypt would be a more updated list
| of DoT (DoH and DNSCrypt) servers I would imagine.
| https://dnscrypt.info/public-servers
| kseistrup wrote:
| In the same family: Uncensored DNS [?]
| https://blog.uncensoreddns.org/
| hundchenkatze wrote:
| Sorry, this is off topic. I hadn't seen the looped square
| symbol used beyond the Mac command key, but it turns out that
| it signifies a place of interest in many locales.
|
| https://en.wikipedia.org/wiki/Looped_square#Modern_use
| kseistrup wrote:
| Yes, that's why I used it: place of interest
| smarx007 wrote:
| Where is Impressum & Datenschutz if it's a German site?
___________________________________________________________________
(page generated 2021-01-15 23:02 UTC)