The quality of dns always makes or breaks your internet experience. Personally at home unbound on opnsense with some blocking list has always worked really well for me. Openwrt with pihole also works fine. But the moment I have to use some recursive dns like this, I tend to not enjoy the experience.
It really depends. Cloudflare, quad9 or whatever upstream DNS probably has huge cache which makes resolving the queries quite fast. Although, local caching, like with unbound, is still going to be a lot better than any upstream resolver
opnsense + ctrld[0] + unbound works great and automatically upgrades upstream requests to DoH (etc.)
Was using NextDNS for a while, but stability and performance was a common issue. I like the idea of something like pihole, but ControlD is good, works anywhere, and is easy to manage.
Probably the responsiveness of things. Firefox is very sensitive to DNS roundtrip time during daily use. A faster response time provides much better experience with it.
I guess that ~25% of "Firefox is slow" myth is coming from slow DNS response, if not higher.
I honestly have no idea. I observe it all the time, and note repeatedly everywhere when the discussion comes up, but never had the time to dig into the code and see how that all works.
How censored are Quad9? I find it annoying when DNS providers try to cut me off from foreign news services so if I were to switch I'd like to know that they won't.
Almost a decade of Cloudflare DNS not working with archive.is
They have the technical explanation but nobody cares. Your product doesn't work. It would be like a browser getting released that doesn't render anything except properly formatted xhtml -- your product must function at least as good as others on the market, even if it means making workarounds.
So they provide full information on what happened, with all legal papers attached at the end, and a link to a site that gives you a list of all "blocked sites" that where effected by that order.
While the outcome is quite unfortunate, the way they provide all info here seams like a plus in my book here.
If a state/entity comes after your org tomorrow, and you got to either fight legally or leave the market (like cisco in the story), what would you do?
I think the France legislation is aimed at most major resolvers. You might get away with more niche ones for now, but the only stable way is to self-host a recursive resolver (like unbound) that walk the DNS tree themselves.
Hosting is never hard. It's about maintainability. How do you handle HA? How will you expose the service? What about backups? How efficiently are you running it? That's just the tip of the iceberg. For an average joe, this is not something they wanna deal with
You are doing a bare minimum job which is of course not what I intended. Your workloads doesn't seem to be that sensitive. If you can afford a few minutes of downtime, sure. I cannot afford downtime because lots of critical services will fail which will require manual intervention
Was using NextDNS for a while, but stability and performance was a common issue. I like the idea of something like pihole, but ControlD is good, works anywhere, and is easy to manage.
[0] https://github.com/Control-D-Inc/ctrld/wiki/pfSense-and-OPNs...
A regular dns like quad9 + ublock origin on Firefox has been a consistently great experience for me.
I guess that ~25% of "Firefox is slow" myth is coming from slow DNS response, if not higher.
They have the technical explanation but nobody cares. Your product doesn't work. It would be like a browser getting released that doesn't render anything except properly formatted xhtml -- your product must function at least as good as others on the market, even if it means making workarounds.
While the outcome is quite unfortunate, the way they provide all info here seams like a plus in my book here.
If a state/entity comes after your org tomorrow, and you got to either fight legally or leave the market (like cisco in the story), what would you do?
A niche resolver may get away under the radar, but only because they were not targeted.
1 - https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
2 - https://dnscrypt.info/public-servers/
We are talking a DNS resolver at home or on a VPS.
1. you don't need HA, if it dies you revert back to your ISP DNS while you fix it. And you always have a secondary resolver set up anyway.
2. you just set up its ip address as first dns server on your home router and as DoH on your devices browsers.
2. you don't need to back up a local resolver, the only data it has is cache.
4. a local DNS resolver serving the needs of a household needs very little resource.