this a bad idea?

  • ubergeek77@lemmy.ubergeek77.chat
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    You linked their DNS server, which is not their proxy, but yes I use both.

    Cloudflare often comes under fire for privacy concerns, but that’s literally true of every public DNS server out there. No one can feasibly run their own DNS server at home. Those requests ultimately have to go somewhere.

    I don’t use Google’s DNS server, because their business model relies on their ability to spy on you. Cloudflare’s business model relies on providing reliable network services, and maintaining public trust. In addition, the scale of surveillance they would have to do with the volume of requests they get per second is entirely unfeasible. They simply have too much data flowing through their servers for it to be reasonable.

    Could they be spying on me? Yes, but so could anyone, and among the options, they are the least motivated to do so.

    • Saik0@lemmy.saik0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      No one can feasibly run their own DNS server at home. Those requests ultimately have to go somewhere.

      Recursive DNS servers will contact root DNS servers. You CAN run a recursive DNS at home quite easily. The only downfall is that root DNS typically doesn’t support any of the encrypted DNS options.

      • ubergeek77@lemmy.ubergeek77.chat
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Right, and I would prefer to not accidentally make my home DNS server vulnerable to zone transfer attacks, and have all that traffic leave my home unencrypted regardless. This can be done, but the risks and overhead outweigh the benefits.

        For my threat model (and probably most everyone’s), using Cloudflare’s encrypted DNS is good enough for me.

      • preciouspupp@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I just use the DNS proxy on my Mikrotik. If you communicate with the root DNS servers in plain text, then it can be just sniffed too. Hard to win here as to have to trust something at one point.

    • manitcor@lemmy.intai.techOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      the WARP proxy is the renamed ARGO proxy from thier Enterprise product. You can find info in thier docs. Its both thier DNS and the download page for the proxy software, scroll down.