I mean, as far as I know, DNS is decentralized. Anyone can host their own DNS server, or change which server their network/device uses. Google’s is just very commonly used because 8.8.8.8 is easy to remember, but there are thousands of others run by entities big and small, and there’s nothing stopping you from running your own (assuming you manage to get a hold of a static IPv4)
This is the correct answer. The only thing I would add is some devices don’t allow changing the DNS IPs and are hard coded to 8.8.8.8 so Google blocking sites via DNS is still an issue. Of course you could intercept these requests, but with DNS over HTTPS becoming more popular, i would imagine that device manufactures will also start to do certificate pinning as well to prevent people from using their own DNS server.
HTTPS becoming more popular, i would imagine that device manufactures will also start to do certificate pinning as well to prevent people from using their own DNS server.
I mean, as far as I know, DNS is decentralized. Anyone can host their own DNS server, or change which server their network/device uses. Google’s is just very commonly used because 8.8.8.8 is easy to remember, but there are thousands of others run by entities big and small, and there’s nothing stopping you from running your own (assuming you manage to get a hold of a static IPv4)
This is the correct answer. The only thing I would add is some devices don’t allow changing the DNS IPs and are hard coded to 8.8.8.8 so Google blocking sites via DNS is still an issue. Of course you could intercept these requests, but with DNS over HTTPS becoming more popular, i would imagine that device manufactures will also start to do certificate pinning as well to prevent people from using their own DNS server.
Why? Just BC fuck plebs?
the answer is always money.
The answer is always DRM and monetization. If you didn’t have enough reasons to not buy products with locked down software, here’s even more reasons.
Do I need a static ip if I plan to only use it locally from my home network?
The box on which the dns server runs will need a static internal IP address.
If you’re only going to use it from within your own LAN, then no, you don’t need a static public address
What I suggest/have done:
Rent a cheap VPS in a non-five eyes country that comes with a static ipv4.
SSH on random port with certificate auth only. No root, no password auth.
setup WireGuard server with random port.
firewall block all incoming except ssh and WireGuard port at first.
set home server to connect via wireguard as sole client to VPS.
individually add any ports you want to go to the home server from the internet as NAT forwarded ports. Basically WWW -> VPS -> Home.
have a separate WireGuard VPN for outgoing from the home server.
profit?
But it’s crazy complicated. At least it was for me. Not for the faint hearted imo.
I’ve been using Google’s Public DNS for quite a while, should I switch to Cloudflare or NextDNS after reading OP’s post ?
Can also set up ipv6 dns, those always static.
You would think…
You are 100% correct. The issue isn’t the infrastructure per se, but the usage of it.
By decentralizing, I guess I mean finding a way to remove the ability for a mega company like Google from being able to dominate the playfield.
The percentage of internet users that can or will bother to run their own DNS is way too low.
How easily DNS can be manipulated by any network for the average end user is the blessing and the curse it seems.