Does a Duckduckgo privacy equivalent exist for DNS servers?

Werner Obermeier writes:
So, if I understood you, any one of these 13 servers is the backbone
of the Internet in that THEY are the master DNS servers?
For example, if all 13 were to fail at once (just theoretical), would
the Internet stop working?

David W. Hodgins writes:
Yes and yes. If one of the servers goes down, the domain names it
stores would not be accessible, until it was replaced and restored,
but any of the root servers can be used to find all of the root
servers that are working.

DNS would not stop working immediately. Every nameserver at every level
caches every lookup that it does for a period noted in the entry. The
root servers do not get consulted all that often.
--
John Hasler

Dancing Horse Hill
Elmwood, WI USA

On Sun, 14 Jun 2015 10:13:21 -0400, John Hasler wrote:

DNS would not stop working immediately. Every nameserver at every level
caches every lookup that it does for a period noted in the entry. The
root servers do not get consulted all that often.

True, but there are normally only three levels. The server being used, the root servers, and the domain severs. The longest cache setting I've seen is
1 day, though it's also not unusual to see short time like 10 minutes, or
less.

If the root servers were down, the dns server being used would only have
entries in it's cache for sites that had been looked up within the expiry
time of those entries.

For example, a site registered with dyndns.org typically has a timeout
of 600 seconds (10 minutes), so it would stop being accessible if the
root severs, or the dyndns servers were down for longer than that.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

On Sat, 13 Jun 2015 20:17:32 -0400, Mayayana wrote:

| Is there a set of DNS servers with a philosophy of NOT remembering
| everything ... (sort of like how Duckduckgo promises for browsing)?

OpenDNS

208.67.222.222
208.67.220.220

I don't know for sure how trustworthy they are,

Their HQ is based in the US, so I wouldn't use it.

--
s|b

David W. Hodgins writes:
For example, a site registered with dyndns.org typically has a timeout
of 600 seconds (10 minutes), so it would stop being accessible if the
root severs, or the dyndns servers were down for longer than that.

The root servers only handle top level domains (com, net, org, biz,
info, etc.) org has a TTL of 86400.

--
John Hasler

Dancing Horse Hill
Elmwood, WI USA

On Sunday June 14 2015 09:16, in alt.os.linux, "Andy Burns"
wrote:

Werner Obermeier wrote:

So, if I understood you, any one of these 13 servers is the backbone
of the Internet in that THEY are the master DNS servers?

For example, if all 13 were to fail at once (just theoretical), would
the Internet stop working?

Yes,

Yes and No.

No, the internet would not stop working. The TCP/IP protocols do not depend on
DNS; they are quite happy with IP addresses.

No, even the Domain Name System would keep going, just under a different set
of root servers. You can even use these alternative root servers now; check
out the UnderNIC project, for instance.

Yes, most Internet "users" would be unable to use the Internet, because they
depend on the official root servers, and don't know how to change to the
alternates. Anyone who gets their DNS resolved through their ISP or
through "public" DNS servers like Google would likely be unable to use the
Internet should the official root servers die.

but just because there are 13 names of root DNS servers, most names
have many actual servers (e.g. there are 150 L servers) in widely spaced
locations using anycast routing.

e.g. there are three L's, two D's and one each of A, E, F, K and I in
the UK.

As for the idea of running Bind (or one of the other DNS server packages) on
your own systems, I think that it is a great idea (and I do it myself). Many
ISPs now "inject" their own IP addresses in response to unresolvable DNS
names, should you use their DNS service. With these sorts of "helpfull" ISPs,
you might point your web browser at http://www.GOUGGELE.COM/ and, instead of
getting a "server not found" message, get someone's ad service, or MITM of
google.com.

Running your own caching DNS server bypasses all that, and is often faster at
resolving names than your ISP's DNS (because of the lower traffic and smaller
hop-count).

--
Lew Pitcher
"In Skills, We Trust"
PGP public key available upon request

Lew Pitcher writes:
Running your own caching DNS server bypasses all that, and is often
faster at resolving names than your ISP's DNS (because of the lower
traffic and smaller hop-count).

There are better choices for a caching-only server than BIND, though.
--
John Hasler

Dancing Horse Hill
Elmwood, WI USA

On Sun, 14 Jun 2015 12:23:38 -0400, John Hasler wrote:

There are better choices for a caching-only server than BIND, though.

If you only want a caching only name server, that's true. I also want
to be able to use the name server for dns within my lan. It took a
while to learn how to configure bind to do that, but it works. I did
provide a list earlier in this thread of other name servers, most of
which are caching only servers, not suitable for setting up dns within
a lan.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

| Their HQ is based in the US, so I wouldn't use it.
|

You avoid anything American? I don't think
I've ever heard that view before. Is there
another DNS server alternative? I've only
heard of OpenDNS.

I used to make a small income from selling
shareware, for several years when the PC craze
was big. I still occasionally make a sale. Almost
all the people who paid are in the US. Of those,
nearly all are *not* in big cities. The people
who paid voluntarily before I started trying
to enforce it were all in the "flyover states".
I once had 2,500 downloads in a single night,
all from Germany. Not one of them sent money.
I guess what I'm saying is that while corporate
America represents much of the sleaze online,
there's also a great deal of simple, innocent
decency in American society.

Andy Burns wrote in
:

(e.g. there are 150 L servers)

Just to understand, are these 150 "L" servers all duplicates
of the master "L" server?

Lew Pitcher wrote in
:

Yes, most Internet "users" would be unable to use the Internet, because they
depend on the official root servers, and don't know how to change to the
alternates.

To better understand that statement, I ask whether I am in that category
of "user" above.

I have the typical operating systems (Windows & Linux) on laptops & desktops.
On those PCs, I do not touch any DNS settings (I don't know how to anyway).

On my home broadband router, when I set it up initially, it asked for DNS
servers so I gave it a primary & secondary (and maybe even tertiary) that
I plucked off the net (probably from this ng).

I'm sure my ISP has a DNS server - but I have no idea if I'm using it.

Having said that, am I one of those Internet "users" who will not be able
to use the Internet once the 13 a-m servers go down (theoretically)?

On Sunday June 14 2015 12:55, in alt.os.linux, "Werner Obermeier"
wrote:

Lew Pitcher wrote in
:

Yes, most Internet "users" would be unable to use the Internet, because
they depend on the official root servers, and don't know how to change to
the alternates.

To better understand that statement, I ask whether I am in that category
of "user" above.

I have the typical operating systems (Windows & Linux) on laptops &
desktops. On those PCs, I do not touch any DNS settings (I don't know how to
anyway).

On my home broadband router, when I set it up initially, it asked for DNS
servers so I gave it a primary & secondary (and maybe even tertiary) that
I plucked off the net (probably from this ng).

I'm sure my ISP has a DNS server - but I have no idea if I'm using it.

Having said that, am I one of those Internet "users" who will not be able
to use the Internet once the 13 a-m servers go down (theoretically)?

In theory, yes.
Sorry.

--
Lew Pitcher
"In Skills, We Trust"
PGP public key available upon request

On Sun, 14 Jun 2015 12:51:53 -0400, Werner Obermeier wrote:

Andy Burns wrote in
(e.g. there are 150 L servers)

Just to understand, are these 150 "L" servers all duplicates
of the master "L" server?

Yes.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

On Sun, 14 Jun 2015 12:55:53 -0400, Werner Obermeier wrote:

Lew Pitcher wrote in
:
Yes, most Internet "users" would be unable to use the Internet, because they
depend on the official root servers, and don't know how to change to the
alternates.

To better understand that statement, I ask whether I am in that category
of "user" above.

If you don't know how to set up a dns server, or use the alternate root
servers, then yes.

On my home broadband router, when I set it up initially, it asked for DNS
servers so I gave it a primary & secondary (and maybe even tertiary) that

Note that a dns lookup will normally only use the first server. A second
or third sever will only be used if the prior server(s) either timed out
or responded with a server failure message.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

On Sun, 14 Jun 2015 12:43:21 -0400, Mayayana wrote:

| Their HQ is based in the US, so I wouldn't use it.

You avoid anything American?

I'm using a newsreader, "made in the USA", so, no. But I'm not going to
use a DNS which HQ's is based in the US.

I don't think
I've ever heard that view before.

Have you heard of the Patriot Act? I know certain data can be collected,
but I'm trying not to *give* it away!

Is there
another DNS server alternative? I've only
heard of OpenDNS.

There's Google's DNS, but I'm avoiding that too (obviously). I don't see
why not to use the DNS my ISP offers me. There's was a data retention
law in my country, but that's history:
http://www.pcworld.com/article/2934792/belgian-data-retention-law-axed-by-constitutional-court.html

--
s|b

Werner Obermeier a écrit :

I just found 168 public DNS servers here.
http://www.linuxinternetworks.com/li...dns-addresses/

So, one privacy option may be to rotate them every two days, so that
you rotate through them all in a year.

10.0.0.2 = hetnet public dns server
10.0.0.3 = hetnet public dns server

These are RFC 1918 private addresses. How can they be public servers ?