What do you use as primary and secondary DNS Servers on your PC/Laptop? - Page 2


Comments

  • edited October 2022

    Home: everything through a PiHole that in turn talks to my ISP's DNS servers as they have a track record wrt providing an unfiltered connection (I'll do my own filtering, ta!).

    Laptop (when away from home): 8.8.8.8/8.8.4.4 by default, then PiHole when connected to my VPN. I keep thinking I've got enough RAM on there to run PiHole in a tiny VM, then it can have that stalking protection without the VPN, but I've not got around to trying that.

    Phone: currently whatever my provider offers, unless on home wireless. I must get around to putting the VPN on it (though I never got around to that at all on the handset this one has just replaced).

  • @iNanja said:
    I use Simple DNSCrypt, it has a nice GUI. It auto selects best DNS depending on where I am.

    It has these options in configuration so that it filters what type of DNS I want. It lets me assign those options to one adapter or multiple adapters.

    I have had it running 24/7 since Simple DNSCrypt came out, I have never had any issues.

    +1 for Simple DNSCrypt. I've been using it for a while with Quad9. Only con for me is it delays internet connectivity by about 10 seconds on bootup, but that doesn't matter. I'd rather have a good setup than the defaults.

  • tjn Member

    @zed said:
    never quite understood everybody's fascination with giving their query data to bigcorps like google, cloudflare etc.

    I wouldn’t use CloudFlare had they not gone through an external audit.

    https://cf-assets.www.cloudflare.com/slt3lc6tev37/5xlHCvvNBrvrIoWbuk1vTy/e1058b0d366adf4e983aef99a6ed2a1f/Cloudflare_1.1.1.1_Public_Resolver_Report_-03302020__2.pdf

    https://blog.cloudflare.com/announcing-the-results-of-the-1-1-1-1-public-dns-resolver-privacy-examination/

  • CloudFlare, the one from ZeroTrust.

  • From nextdns.io site:

    Rewrites
    Set or override the DNS response for any domain.

    Nice! Easy for testing stuffs.

  • @drizbo said:
    Whatever my ISP gives me via dhcp.

    This.

  • @let_rocks said:

    @drizbo said:
    Whatever my ISP gives me via dhcp.

    This.

    My ISP knows the best DNS for me to get the best speedtest.net results.

  • @jsg said:

    @Arkas said:
    Cloudflare does the job I need just fine.

    Flagged for hidden racism!!!(shriek)

    The IP of some site is not what its DNS entry says but what we feel to be the IP!!!

    I think we're witnessing LET's newest bromance blooming!

  • MikeA Member, Patron Provider

    I always set my devices to CloudFlare first, Google second. More reliable than any ISP default servers, and lower latency than any others. I don't care about private/anonymous DNS queries or blocking ads via DNS on my personal devices.

  • Hey, is CloudFlare warp for DNS a VPN? A quick google search and I see this.

    WARP essentially protects your traffic with encryption, while 1.1.

    Another site says this.

    1.1.1.1 isn't a foolproof VPN product. Your data is somewhat exposed.

    From CloudFlare

    Technically, WARP is a VPN. However, we think the market for VPNs as it's been imagined to date is severely limited.

    Is your data encrypted or exposed, what is the truth? I know my IP becomes masked if I was to use CloudFlare warp for DNS, which makes me feel like I am on a VPN and speeds are rather instantaneous.

  • emg Veteran

    This is a great question, and a problem that I worked on a few years ago. My goal at the time was to optimize DNS performance on our home network.

    Like @TimboJones, the router/firewall provides DNS and DHCP services for our home network. Everything inside the LAN uses the router as the DNS server and DNS forwarder. The problem I worked on is where to point the router for forwarding DNS queries.

    The OP asked about PC/Laptop and my primary personal computer is a laptop. My laptop is configured with multiple "Locations." Each Location uses only one physical interface and disables all other interfaces for security.

    Here are the locations I have now:

    • Automatic - Original default, used only for initial setup. Kept as an emergency fallback, but never used.
    • Disabled - All interfaces disabled with no external network. Useful for hostile environments and also for development and testing in isolation.
    • Home Dock Ethernet 182 - The Ethernet interface is provided by a Thunderbolt 3 dock on my desk. The IP address ends in "182".
    • Home Dongle Ethernet 182 - A portable USB-C/Ethernet adapter. I use it when I need Ethernet and the laptop is not on my desk.
    • Home WiFi 192 - WiFi on the home LAN. The WiFi IP address ends in "192", which is 10 above the corresponding Ethernet IP address. I use "10 above" to help remember which devices are which on the LAN.
    • Phone USB - Uses Cellular Data "tethering". Useful when WiFi is not available or trusted.
    • Setup - This is to use the Ethernet dongle to configure devices and appliances or just be at a fixed address on a specific network. It gets whatever fixed address is needed to talk with new appliance device to configure it. For example, the IP address is currently set for 192.168.0.2 to setup devices that default to 192.168.0.1. This way, I can do stuff without changing or messing up the other Location settings that I use often.
    • Wired Dongle Ethernet DHCP - Gets IP address and DNS from a DHCP server on an Ethernet network. A typical scenario is visiting a customer site or helping a friend on their network.
    • Wireless WiFi DHCP - Gets IP address and DNS from DHCP server on a WiFi network. A typical scenario is visiting friends or family, or connecting to a public WiFi in a coffee shop, restaurant, hotel, or other public building.

    Some years ago, I worked on this problem:
    -> Which public DNS servers are "best" for forwarding DNS queries from our home LAN?

    My choices included the DNS servers offered by our ISP's DHCP server. They also included lists of popular fast public DNS services from companies such as NTT, Hurricane Electric, OpenDNS (now owned by Cisco), etc. I also added the well-known Google (8.8.8.8, 4.4.4.4) and the more recent Cloudflare (1.1.1.1, 1.0.0.1) public DNS servers.

    Another consideration is privacy. How do companies like Google use the DNS query data that they collect? How do they correlate it with other user activities? I cannot answer these questions, but it is a concern of mine. In addition, be aware that some public DNS servers filter results for "family friendly" or other security purposes, which may be useful to some people. We don't have children on our home LAN at present, so I prefer unfiltered results.

    I used Steve Gibson's DNS benchmark tool to assess DNS performance. I used the results to help me choose DNS servers for my router. Please note that this is a Windows executable:
    https://www.grc.com/dns/benchmark.htm

    Here are a few observations and issues that I have encountered over the years:

    • Be careful how and where you run DNS benchmarking tools. Your firewall (or someone else's firewall) may notice and block or interfere with your measurements.
    • Results "deteriorate" over time. If you run the same test a year from now, you will see different results. What was fast today may be slow tomorrow.
    • DNS servers can disappear over time. That fast DNS server you choose today may be taken offline next year.
    • New, better DNS servers appear from time to time. Cloudflare's 1.1.1.1 servers appeared in 2018, long after I had run the DNS benchmarking tests for my current setup.
    • ISP-provided DNS is unpredictable. The DNS server addresses provided by my ISP DHCP server vary a lot in performance. Sometimes they yield the fastest results; other times they are slow or down. You never know.
    • It helps to understand your router's DNS forwarding behavior. How does your router issue DNS requests to multiple servers? One at a time with timeouts? All at once? How does your router handle, rank, and time-out returned results? First response wins no matter what? Allow time for a positive response from another DNS server? Wait for multiple results and choose them in a specific order?

    My router/firewall accepts the first response no matter what, even if it is wrong or "not-found." It sucked when I was moving domains and servers. The fastest responding DNS server may be the last server to get a DNS change propagated to it.

    Which forwarders do I use? I am looking at my router/firewall right now, and here are the settings, probably unchanged from around 2014:
    1. x.ns.gin.ntt.net (129.250.35.250)
    1a. y.ns.gin.ntt.net (129.250.35.251)
    2. ordns.he.net (74.82.42.42)
    3. (Deleted - probably no longer public or too slow.)
    4. (Deleted - probably no longer public or too slow.)
    5. Cloudflare (1.1.1.1)

    Spectrum Internet provides DNS for its ISP customers of course. I do not know whether they can be used by the public. Here are the current DNS addresses that are assigned. They have not changed in several years:
    209.18.47.63
    209.18.47.62

    Currently, the checkbox "Use forwarders assigned by ISP" setting is disabled on my router, so I am using only the public ones (NTT, HE, Cloudflare) I listed above. Sometimes I enable the checkbox to see if the internet "feels faster". It doesn't.

    I hope this wall of info helps someone, especially the OP.

    Thanked by 1 Ympker
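
The forwarding behaviour described in the post above (the first response wins, even when it is "not-found"), as an added example that is not part of the thread: a Python simulation over constructed DNS response headers that compares that policy with one that waits a short grace period for a positive answer. The upstream labels, transaction ID, arrival times and `grace_ms` value are assumptions made for the illustration.

```python
import struct

NOERROR, NXDOMAIN = 0, 3  # DNS RCODE values

def make_header(txid, rcode, ancount):
    """Build a constructed 12-byte DNS response header (QR=1, RD=1, RA=1)."""
    flags = 0x8180 | (rcode & 0xF)
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)

def parse_header(packet):
    """Return (txid, rcode, ancount) from a DNS response header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return txid, flags & 0xF, ancount

def _matching(replies, txid):
    """Keep only replies whose transaction ID matches our query, oldest first."""
    ours = [r for r in replies if parse_header(r[2])[0] == txid]
    return sorted(ours, key=lambda r: r[1])

def first_response_wins(replies, txid):
    """Policy from the post: accept whichever upstream answers first."""
    ours = _matching(replies, txid)
    return ours[0][0] if ours else None

def prefer_positive(replies, txid, grace_ms=150):
    """Accept the earliest NOERROR reply with answers that arrives within
    grace_ms of the first reply; otherwise fall back to the first reply."""
    ours = _matching(replies, txid)
    if not ours:
        return None
    deadline = ours[0][1] + grace_ms
    for server, arrival_ms, packet in ours:
        if arrival_ms > deadline:
            break
        _, rcode, ancount = parse_header(packet)
        if rcode == NOERROR and ancount > 0:
            return server
    return ours[0][0]

# Constructed sample: (upstream label, arrival time in ms, raw header).
# upstream-A is fast but has not yet seen a recent record change.
TXID = 0x1A2B
REPLIES = [
    ("stray",      5,   make_header(0x9999, NOERROR, 1)),  # wrong ID, ignored
    ("upstream-A", 12,  make_header(TXID, NXDOMAIN, 0)),
    ("upstream-B", 31,  make_header(TXID, NOERROR, 1)),
    ("upstream-C", 240, make_header(TXID, NOERROR, 1)),
]

if __name__ == "__main__":
    print("first response wins:", first_response_wins(REPLIES, TXID))
    print("prefer positive    :", prefer_positive(REPLIES, TXID))
```

The grace period is the trade-off: every negative answer now costs up to `grace_ms` of extra latency in exchange for not caching a stale "not-found" during a migration.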
  • @emg said:
    This is a great question, and a problem that I worked on a few years ago. My goal at the time was to optimize DNS performance on our home network.

    Like @TimboJones, the router/firewall provides DNS and DHCP services for our home network. Everything inside the LAN uses the router as the DNS server and DNS forwarder. The problem I worked on is where to point the router for forwarding DNS queries.

    The OP asked about PC/Laptop and my primary personal computer is a laptop. My laptop is configured with multiple "Locations." Each Location uses only one physical interface and disables all other interfaces for security.

    Here are the locations I have now:

    • Automatic - Original default, used only for initial setup. Kept as an emergency fallback, but never used.
    • Disabled - All interfaces disabled with no external network. Useful for hostile environments and also for development and testing in isolation.
    • Home Dock Ethernet 182 - The Ethernet interface is provided by a Thunderbolt 3 dock on my desk. The IP address ends in "182".
    • Home Dongle Ethernet 182 - A portable USB-C/Ethernet adapter. I use it when I need Ethernet and the laptop is not on my desk.
    • Home WiFi 192 - WiFi on the home LAN. The WiFi IP address ends in "192", which is 10 above the corresponding Ethernet IP address. I use "10 above" to help remember which devices are which on the LAN.
    • Phone USB - Uses Cellular Data "tethering". Useful when WiFi is not available or trusted.
    • Setup - This is to use the Ethernet dongle to configure devices and appliances or just be at a fixed address on a specific network. It gets whatever fixed address is needed to talk with new appliance device to configure it. For example, the IP address is currently set for 192.168.0.2 to setup devices that default to 192.168.0.1. This way, I can do stuff without changing or messing up the other Location settings that I use often.
    • Wired Dongle Ethernet DHCP - Gets IP address and DNS from a DHCP server on an Ethernet network. A typical scenario is visiting a customer site or helping a friend on their network.
    • Wireless WiFi DHCP - Gets IP address and DNS from DHCP server on a WiFi network. A typical scenario is visiting friends or family, or connecting to a public WiFi in a coffee shop, restaurant, hotel, or other public building.

    Some years ago, I worked on this problem:
    -> Which public DNS servers are "best" for forwarding DNS queries from our home LAN?

    My choices included the DNS servers offered by our ISP's DHCP server. They also included lists of popular fast public DNS services from companies such as NTT, Hurricane Electric, OpenDNS (now owned by Cisco), etc. I also added the well-known Google (8.8.8.8, 4.4.4.4) and the more recent Cloudflare (1.1.1.1, 1.0.0.1) public DNS servers.

    Another consideration is privacy. How do companies like Google use the DNS query data that they collect? How do they correlate it with other user activities? I cannot answer these questions, but it is a concern of mine. In addition, be aware that some public DNS servers filter results for "family friendly" or other security purposes, which may be useful to some people. We don't have children on our home LAN at present, so I prefer unfiltered results.

    I used Steve Gibson's DNS benchmark tool to assess DNS performance. I used the results to help me choose DNS servers for my router. Please note that this is a Windows executable:
    https://www.grc.com/dns/benchmark.htm

    Here are a few observations and issues that I have encountered over the years:

    • Be careful how and where you run DNS benchmarking tools. Your firewall (or someone else's firewall) may notice and block or interfere with your measurements.
    • Results "deteriorate" over time. If you run the same test a year from now, you will see different results. What was fast today may be slow tomorrow.
    • DNS servers can disappear over time. That fast DNS server you choose today may be taken offline next year.
    • New, better DNS servers appear from time to time. Cloudflare's 1.1.1.1 servers appeared in 2018, long after I had run the DNS benchmarking tests for my current setup.
    • ISP-provided DNS is unpredictable. The DNS server addresses provided by my ISP DHCP server vary a lot in performance. Sometimes they yield the fastest results; other times they are slow or down. You never know.
    • It helps to understand your router's DNS forwarding behavior. How does your router issue DNS requests to multiple servers? One at a time with timeouts? All at once? How does your router handle, rank, and time-out returned results? First response wins no matter what? Allow time for a positive response from another DNS server? Wait for multiple results and choose them in a specific order?

    My router/firewall accepts the first response no matter what, even if it is wrong or "not-found." It sucked when I was moving domains and servers. The fastest responding DNS server may be the last server to get a DNS change propagated to it.

    Which forwarders do I use? I am looking at my router/firewall right now, and here are the settings, probably unchanged from around 2014:
    1. x.ns.gin.ntt.net (129.250.35.250)
    1a. y.ns.gin.ntt.net (129.250.35.251)
    2. ordns.he.net (74.82.42.42)
    3. (Deleted - probably no longer public or too slow.)
    4. (Deleted - probably no longer public or too slow.)
    5. Cloudflare (1.1.1.1)

    Spectrum Internet provides DNS for its ISP customers of course. I do not know whether they can be used by the public. Here are the current DNS addresses that are assigned. They have not changed in several years:
    209.18.47.63
    209.18.47.62

    Currently, the checkbox "Use forwarders assigned by ISP" setting is disabled on my router, so I am using only the public ones (NTT, HE, Cloudflare) I listed above. Sometimes I enable the checkbox to see if the internet "feels faster". It doesn't.

    I hope this wall of info helps someone, especially the OP.

    The fastest would be an in-house DNS server; the next best I could think of was one that was caching POST requests at the edge on Cloudflare and using DoH. A note about DoH: with caching and 307 or 308 redirects I did have some SSL certificates get mixed up (somehow Google tried to use a Facebook certificate).

  • adwsislife Member
    edited October 2022

    @Prime404 said:
    I'm using NextDNS that is allocated automatically to my devices using DHCP:
    https://nextdns.io/

    Works very well and is basically a cloud-hosted adguard home/pihole.

    Thank you for mentioning nextdns
    Did not know about it before.
    I made an account and it's very good in terms of simplicity of
    1. Allowing or blocking any domain
    2. Applying Blocklist (i.e., tracker/ad blocklist)
    3. See the various urls in logs to check internet activity

    Thank you again :) <3

  • Cloudflare.

  • JasonM Member
    edited October 2022

    I use the combination. According to DNS Jumper, software I use to allot IPs for my home router, for my country 8.8.4.4 has less than 15ms and 1.0.0.1 less than 30ms resolve time than their same counterparts 8.8.8.8 and 1.1.1.1, which are 97ms (Google) and 255ms (CF) respectively. IDK why the same DNS resolver with the primary IP has a higher resolve time than the secondary IP. Maybe the traffic/congestion is low on secondary IPs?

    P.S. I also tried HE DNS; its resolve time is 200ms+, but after the initial connecting time/resolve time the site/pages load super fast on this DNS IP. Seems no one is using HE in my country? That's why the pipe is empty and fast?

  • I run a VPS near my country with Pi-Hole, Unbound and Wireguard installed. Then I use a GL.iNet router with wireguard and kill-switch enabled. Almost as good as my native connection with my own customized DNS settings running.

  • I use dnscrypt on my router, which is running OpenWrt.

  • I use Google DNS for my PC

  • Vps with wireguard using 149.112.112.112 (quad9), 84.200.69.80 (dns.watch).

  • Shakib Member, Patron Provider

    1.1.1.1 everywhere.

    Own VPNs and Exitlag.

  • @adwsislife said:

    @Prime404 said:
    I'm using NextDNS that is allocated automatically to my devices using DHCP:
    https://nextdns.io/

    Works very well and is basically a cloud-hosted adguard home/pihole.

    Thank you for mentioning nextdns
    Did not know about it before.
    I made an account and it's very good in terms of simplicity of
    1. Allowing or blocking any domain
    2. Applying Blocklist (i.e., tracker/ad blocklist)
    3. See the various urls in logs to check internet activity

    Thank you again :) <3

    https://github.com/hjk789/NXEnhanced

    NextDNS must have.

    Thanked by 1 adwsislife
  • @TimboJones said:

    @adwsislife said:

    @Prime404 said:
    I'm using NextDNS that is allocated automatically to my devices using DHCP:
    https://nextdns.io/

    Works very well and is basically a cloud-hosted adguard home/pihole.

    Thank you for mentioning nextdns
    Did not know about it before.
    I made an account and it's very good in terms of simplicity of
    1. Allowing or blocking any domain
    2. Applying Blocklist (i.e., tracker/ad blocklist)
    3. See the various urls in logs to check internet activity

    Thank you again :) <3

    https://github.com/hjk789/NXEnhanced

    NextDNS must have.

    Useful stuff for nextdns users
    Thank you for sharing :)

  • @MikeA said:
    I always set my devices to CloudFlare first, Google second. More reliable than any ISP default servers, and lower latency than any others. I don't care about private/anonymous DNS queries or blocking ads via DNS on my personal devices.

    same
