Host Your Own Encrypted DNS Server

In this video I teach you how to host your own encrypted DNS (DoH) server on a Vultr VPS.

Use my affiliate link to get yourself a Vultr VPS, please and thank you

My merch is available at

₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿

Comments

Use this link to get yourself a Vultr VPS
Use this link to get the little daemon T shirt (also available in long sleeve, pullover hoodie, and ladies shirts)

MentalOutlaw

Blink 2 times if you're ok. 3 times if the NSA is holding you hostage

njpme

Love the Windows XP style theme! Also, yet another high quality video from you, thanks for being awesome man!

dueeek

Love your channel man! We need people like you who care about privacy and freedom in this crazy digital world!

Teddev

Merry Christmas Kenny, and hopefully a happy new year :^)

noctisumbra

The limit I see to privacy in this setup is it still depends on upstream DNS, and your private server may still be traced to you. To improve this you need your private DNS open for wider use, hence ambiguity of who is requesting a lookup.

hanelyp

My limited understanding with DNS is that when one does a recursive DNS query, the queried DNS server needs to check the root server first, which eventually tells the DNS server what IP it is searching for. If this is hosted locally, only the local connection to the queried DNS server would be protected by DoH, and the DNS server making the actual query would be in plaintext still. Wouldn't it be actually worse than using a VPS, if you consider the ISP as a bad actor in the proposed threat model, since they can just read the outgoing traffic of the DNS server?

cyberdusttv

Not just privacy but also speed when held locally.
Add your frequently visited sites to your local hosts file for snappier surfing.

noanyobiseniss

Important thing to note!
You should not run a UDP based DNS Server publicly accessible.
This can be used for DNS amplification attacks. Either move your DNS to a VPN (with headscale for example) or only allow HTTPS requests.

MrTechguy

Merry TLS 1.3 Christmas Mental Outlaw and have a happy DNSSEC New Year!! :D

fildisco

Just learned about DNS leaks today! On an unrelated note, u should drop a tutorial on removing rogue-deepfake AIs from my walls

turtleswithbombs

thank you for taking time off playing for the boston celtics to bring us this video

beydb

I haven't even watched the video yet... just logged in to give it an instant LIKE and thank you Kenny for always having our back. In a world where Governments and large Companies want to invade and completely STRIP us of everything when it comes to privacy... I truly hope for the new year 2024, a voice like yours will continue to be a light for us non-tech-savvy to ensure that our privacy is protected and not SOLD or invaded. I wish you a happy New Year in advance🌹🤝 🌹 All the best. PS: I WISH there was a way to DM you regarding something... do hint me in the right direction if possible.

specthegod

There are some things it makes sense to host yourself but recursive DNS isn't one of them, you're isolating your queries to a single VPS in the cloud with no upstream anonymity. You're much better off using an on-premise DNS cache/filter like Adguard/Pihole and configuring it to use a privacy aware upstream DNS service like Quad9, over DoH of course. Route your queries over Mullvad if you're extra paranoid but that's overkill and not necessary for 99% of threat models.

harveybolton

Putting your recursive nameserver locally will NOT solve the DNS-information leak, because at the moment still all DNS-requests done by recursive nameservers are still NOT encrypted. Sadly.

autohmae

Great video as always. If only DNS was real.

kidus_tv

Mental Outlaw is a white guy from Boston.

chrisphoenix

So it’s the most private DNS setup, even though the DNS server can be identified as yours, it talks to other DNS servers in the clear (because that’s how top-level DNS works), and you’re the only person/family using it.

OcteractSG

04:50 I was bloody jamming to that music. Why did it have to stop. I want to live my life with that soundtrack running.

babelboy-akababz

Holy shit that thumbnail what the fuck

ThatRandomGuyInTheComments