DNS and PPPoE On (RED) Internet

(Dave J) #1

NethServer Version: 7.5.1804
Module: N/A

Nethserver is DNS and gateway for my local network.

Is it possible to have the Nethserver allocate its upstream DNS server from the DNS information provided by my internet service provider when the PPPoE is established?
I’m thinking that manually setting the Remote DNS is a bad idea; it would be better to allow dnsmasq to set it to whatever DNS value comes from the PPPoE connection.

Out of the box routers seem to work this way, but I can’t seem to get it happening on Nethserver.
If I set the DNS server to be the IP of my Nethserver, DNS fails (I can ping a remote IP address) but no DNS resolution.


(Rob Bosch) #2

If you set your ISP DNS services, you depend and trust that. Personally I would rather use a privacy friendly DNS service like:
OpenNIC: IP Addresses: 206.125.173.29 and 45.32.230.225
DNS Watch: IP Addresses: 84.200.69.80 and 84.200.70.40
FreeDNS: IP Addresses: 37.235.1.174 and 37.235.1.177
(OpenDNS: IP Addresses: 208.67.220.220 and 208.67.222.222) (currently owned by Cisco, which is a US-based commercial company. I don’t currently use it and my gut feeling says that they will profile users that use the service)

So,… I would set it manually and not use the automagically-pushed-by-the-ISP DNS servers.


(Dave J) #3

Thanks Rob. I agree with your sentiments regarding privacy. I guess setting them manually assumes they will never change (which is probably a safe bet with the ones you have listed). So maybe I will follow your advice but am now still curious if the automatic approach can be done with the standard WebGUI?

And an even more philosophical question is, even if I use a privacy friendly DNS service, can’t my ISP just track all those requests? Am I better off? (Or have I just opened a can of worms with that question?? 😅)

PS: Thanks dnutan for the cleanup of my post!


(Rob Bosch) #4

Unless you use something like a VPN outside the ISP network, your ISP probably can see every bit that is going through since you have to pass at least 1 of their routers that is connecting their network to the rest of the internet. But a DNS service is a far easier tool to profile individual users.

Another option is to always use https. But still, then you shouldn’t use ISP DNS services.

Coincidence or not, I just received this post on Diaspora*: https://blog.powerdns.com/2018/09/04/on-firefox-moving-dns-to-a-third-party/
Really a nice read.