學師仔

Thank you, Your Honor! See if I got time... Meow!
I think Cloudfare HKG was not quite up to its ...
toylet 發表於 2020-12-9 11:32 PM

    If I read your thread correctly....were you using both BoH and DoT at the same time??You shouldn't be used both differ protocols at the same time,it's weird..or you meant you were running DoT protocol and just the encrypted page on browser?(I don't feel any laggy traffics by using stubby DoT and those encrypted web sites.)
As long as you seem to be the hater of  encryptions,you should kick yourself  to Unbound insteads.

Rolf

如果自己屋企／私人都係用Unbound算

學師仔

It could be just that website that's using a slow server... maybe it's unrelated to DNS. I don't ha ...
toylet 發表於 2020-12-10 10:24 PM

I guess Tor is the best bet for privacy,but who knows.

It's sorta contradictory..for Unbound running thru encryption,just straight ahead using DoT without others.Unbound using kinda caching in order to speed up your surfing with port 53 and the point somehow recursive server's already as authoritative resolver and bypass any man in the middle(other protocols and servers considers as),but like I said,many users happy with such combinations then it wont be a problem..just somewhat contrary to principle of  recursive resolver IMHO. ESNI stills kinda  new development for either browsers and and servers by both side...which means compatibility would be an issue..feel in that way....arrrrghhh,talked too much for myself,get yourself away with trouble

Just peeped on the thing you've mentioned,I guess it's just DoH for win10,DoT still developing,and it's just compile with that while you not running any protocols on networking.

學師仔

如果自己屋企／私人都係用Unbound算
Rolf 發表於 2020-12-10 06:54 PM

    師兄講得啱,快,靚,正,只喺sacrificed certain of "privacy"

Rolf

師兄講得啱,快,靚,正,只喺sacrificed certain of "privacy"
學師仔 發表於 2020-12-11 15:51

其實都冇乜sacrificed
因為ISP一定會知你request過的ip
就算encrypt dns query，ISP都可以做reverse lookup
想hide from ISP只能靠vpn

反而用Unbound cut out 哂 middle-man，所以甚至唔洗trust public DNS (Google DNS, Cloudflare等) / Anonymized DNS relays
我感覺上仲安全左

參考: https://www.snbforums.com/thread ... page-59#post-549312

學師仔

回覆 26# Rolf


    師兄好波~,我只喺唔想自己"某程度上既私隱做成leakage"isp要做你根本冇問題,just matter(difficulty) of time.我又唔怕isp知我去邊,我唔想personal data會surf on net咋如果佢dns做得靚(dnssec,DoT),I definitely hands off. 我都用過Unbound,真喺唔錯,但有怪癖,見到port53唔舒服.
但unbound都要beware of malicious server..ambushed otherwise.

Rolf

回覆 27# 學師仔
個人使用經驗：Unbound with DNSSEC
1. Local recursive lookup 唔會出街所以可以忘記DoT/DoH
2. 同樣因為係local recursive lookup data 唔會全世界走
3. DNSSEC 防 cache poisoning
4. 有cache+唔需要做encryption，實際使用上速度同用普通ISP DNS唔會有明顯分別，甚至快過用1.1.1.1 with DoT/DoH
5. Firewall block :53 form public, 只有private network 內可以用呢隻Unbound server
已經做到哂一般私人用想要的效果

出左街冇得用屋企network的時候我先會考慮用1.1.1.1，或者直接VPN返屋企private network

學師仔

回覆 28# Rolf


    Same configs liked yours while with Unbound but firewall.
d高手真係要三跪九叩先教人,都冇解嘅