Hopefully this doesn’t affect Quad9 or Cloudflare DNS, or I might have to go back to running a root resolver. The horrors.
Why not run unbound for a recursive resolver? Seems like a more private DNS solution
I have straight BIND running on my network already for local zones, it would be easy enough to switch it to be a root resolver. The only problem is it’s a lot slower. I use DoT to Cloudflare for non-local zones (using blocky); if you run a root resolver, your DNS traffic is all in the clear. Not like it truly matters but I wouldn’t put it past my ISP to do DPI on DNS traffic to try to sell my data.
Do you know if Cloudflare is privacy respecting? I know Quad9 certainly is.
Is it though? What makes it trustworthy?
I trust them more than my ISP (Verizon). Quad9 is, and I used it for some time as an upstream, but it is markedly slower for me than Cloudflare. Those milliseconds add up for an impatient asshole like myself.