privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

🗄️ DNS provider suggestion | NixNet #1206

New Issue
Closed
opened 2019-08-24 08:32:02 +00:00 by Mikaela · 10 comments
Mikaela commented 2019-08-24 08:32:02 +00:00 (Migrated from github.com)
Copy Link

Basic Information

Name: NixNet
Filtering: No
Privacy policy: https://nixnet.xyz/privacy/
Protocols: DoT (853)
Server/Location: Anycast, Luxembourg, New York, Las Vegas
Source: - (Unbound)
Type: Informal collective (part of Librehosters, see #816 )
Website: https://nixnet.xyz/dns/

Description

From what I understood they are smaller indepedent provider and thus good for decentralization. They also have servers in the US which our listing is currently missing.

I opened an issue about features I am unsure of: https://git.nixnet.xyz/NixNet/NixNet/issues/2 (including whether IP addresses get logged)

Required features:

  • supports DoH or DoT
  • supports DNSSEC
  • doesn't log IP addresses during normal operation

Desired features

  • supports QNAME minimization
## Basic Information **Name:** NixNet **Filtering:** No **Privacy policy:** https://nixnet.xyz/privacy/ **Protocols:** DoT (853) **Server/Location:** Anycast, Luxembourg, New York, Las Vegas **Source:** - (Unbound) **Type:** Informal collective (part of Librehosters, see #816 ) **Website:** https://nixnet.xyz/dns/ ## Description From what I understood they are smaller indepedent provider and thus good for decentralization. They also have servers in the US which our listing is currently missing. I opened an issue about features I am unsure of: https://git.nixnet.xyz/NixNet/NixNet/issues/2 (including whether IP addresses get logged) ### Required features: <!-- DoH and DoT are supported natively by platforms like Firefox and Android 9+ --> * [x] supports DoH or DoT <!-- We love DNSCrypt, but there is already https://github.com/DNSCrypt/dnscrypt-resolvers which is directly supported by dnscrypt-proxy, so we don't consider useful to list providers only supporting it. --> * [x] supports DNSSEC <!-- https://dnssec.vs.uni-due.de/ can test your current DNS provider. --> * [x] doesn't log IP addresses during normal operation <!-- If your suggestion logs, please compare its privacy policy with other servers on our table that keep logs. --> #### Desired features * [x] supports QNAME minimization <!-- if you have access to the dig command, `dig +short txt qnamemintest.internet.nl` -->
Mikaela commented 2019-08-24 08:36:37 +00:00 (Migrated from github.com)
Copy Link

They also recommend lelux.fi which leaves some details unclear to me, but I get the picture that they don't support DNSSEC, so I am not opening an issue for now.

Edit:

The resolver does support IPv4 and IPv6 and checks DNSSEC. Uncensored results (aka no adblocking or such).

They also recommend [lelux.fi](https://lelux.fi/resolver/) which leaves some details unclear to me, ~~but I get the picture that [they don't support DNSSEC](https://wiki.lelux.fi/dns-over-tls/unbound/linux/#arch)~~, so I am not opening an issue for now. Edit: > *The resolver does support IPv4 and IPv6 and checks DNSSEC. Uncensored results (aka no adblocking or such).* * https://lelux.fi/resolver/
Perflyst commented 2019-08-24 08:57:41 +00:00 (Migrated from github.com)
Copy Link

poke @amolith

poke @amolith
ProgressiveArchitect commented 2019-08-25 08:02:11 +00:00 (Migrated from github.com)
Copy Link

It seems silly to add another DNS server to an already packed list, especially when it doesn't support all the features that would make it fully privacy focused.

It seems silly to add another DNS server to an already packed list, especially when it doesn't support all the features that would make it fully privacy focused.
Amolith commented 2019-08-25 16:28:46 +00:00 (Migrated from github.com)
Copy Link

TODO

  • DNSSEC validation
  • Check QNAME minimization
  • Explain Unbound verbosity in privacy policy

I set these up a while ago and I couldn't remember what I had configured. As I was looking around, I found that all the features requested are enabled; Unbound does DNSSEC validation and QNAME minimisation by default. I've added a new header on the DNS page with a list of the features as well as mentioned the Unbound verbosity in the Privacy Policy

EDIT

The wording in my privacy policy was inaccurate; previously, it said "Unbound query logs are enabled" and now it says "Unbound debug logs are enabled". Verbosity is set to 1 by default and I didn't mess with that.

### TODO - [x] DNSSEC validation - [x] Check QNAME minimization - [x] Explain Unbound verbosity in privacy policy I set these up a while ago and I couldn't remember what I had configured. As I was looking around, I found that all the features requested are enabled; Unbound does DNSSEC validation and QNAME minimisation by default. I've added a new header on the [DNS page](https://nixnet.xyz/dns) with a list of the features as well as mentioned the Unbound verbosity in the [Privacy Policy](https://nixnet.xyz/privacy) ## EDIT The wording in my privacy policy was inaccurate; previously, it said "Unbound **query** logs are enabled" and now it says "Unbound **debug** logs are enabled". Verbosity is set to 1 by default and I didn't mess with that.
👍 2 ❤️ 1
Amolith commented 2019-09-16 00:55:44 +00:00 (Migrated from github.com)
Copy Link

Adblocked DoH is active and uncensored is in progress.
https://nixnet.xyz/dns/

Adblocked DoH is active and uncensored is in progress. https://nixnet.xyz/dns/
🚀 1
Mikaela commented 2019-09-16 10:57:59 +00:00 (Migrated from github.com)
Copy Link

Thanks for the update (and https://github.com/privacytoolsIO/privacytools.io/pull/1321).

Is Anycast DoH missing on purpose? I see that only Adblock anycast has DoH listed.

Thanks for the update (and https://github.com/privacytoolsIO/privacytools.io/pull/1321). Is Anycast DoH missing on purpose? I see that only Adblock anycast has DoH listed.
Amolith commented 2019-09-16 13:48:42 +00:00 (Migrated from github.com)
Copy Link

The first Anycast section is DNS without Adblock (uncensored) and that's what I'm working on implementing DoH with. You'll notice that the specific locations only list that as well and not uncensored.

The first Anycast section is DNS without Adblock (uncensored) and that's what I'm working on implementing DoH with. You'll notice that the specific locations only list that as well and not uncensored.
👍 1
Amolith commented 2020-02-18 16:32:49 +00:00 (Migrated from github.com)
Copy Link

I'm in the process of moving all of my documentation to a new website; DNS information can be found here with relevant links to other sections. I have git set up for the backend so all the pages are plain MD files stored on Gitea

I'm in the process of moving all of my documentation to a new website; DNS information can be found [here](https://docs.nixnet.services/en/dns) with relevant links to other sections. I have git set up for the backend so all the pages are plain MD files stored on [Gitea](https://git.nixnet.xyz/NixNet/documentation)
Amolith commented 2020-03-03 02:10:26 +00:00 (Migrated from github.com)
Copy Link

Change of URL again (sorry!); I switched from Wiki.js to MediaWiki because the former relies to heavily on JS and this information needs to be accessible to anyone. Most information can be found here but the privacy policy is on a separate page. I'm going to set them all up with proper categories in the near future.

Change of URL again (sorry!); I switched from [Wiki.js](https://wiki.js.org/) to [MediaWiki](https://www.mediawiki.org/) because the former relies to heavily on JS and this information needs to be accessible to anyone. Most information can be found [here](https://docs.nixnet.services/DNS) but the privacy policy is on a [separate page](https://docs.nixnet.services/DNS_(privacy)). I'm going to set them all up with proper categories in the near future.
👍 1 😆 1
blacklight447 commented 2020-03-03 11:04:10 +00:00 (Migrated from github.com)
Copy Link

Change of URL again (sorry!); I switched from Wiki.js to MediaWiki because the former relies to heavily on JS

shocked pikachu face

> > > Change of URL again (sorry!); I switched from [Wiki.js](https://wiki.js.org/) to [MediaWiki](https://www.mediawiki.org/) because the former relies to heavily on JS *shocked pikachu face*
😆 1
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
master
dependabot/bundler/nokogiri-1.13.6
dependabot/bundler/addressable-2.8.0
freddy-m-patch-3
pr-add_RemoveMyPhone_sponsor
pr-browser_cleanup_1257_1328_1430
freddy-m-patch-2
freddy-m-patch-1
pr-vpn_hated_one_video
cdn
update-nitrohorse-image
promote-metager-to-card
hardware
pr-add_azirevpn
pr-add_mailfence
shop
1673
pr/1658
i18n-simple
sponsorship-edits-nov2019
i18n
ipfs
blacklight447-ptio-patch-3
blog
remove-windows-icons
pr/1147
i18n-testing
add-beautify
Labels
Clear labels   
🔍🤖 Search Engines

   
approved

approved, waiting for a PR

  
dependencies

Pull requests that update a dependency file

  
duplicate

   
feedback wanted

   
high priority

   
I2P

The Invisible Internet Project (I2P)

  
iOS

   
low priority

   
OS

Operating Systems

  
Self-contained networks

   
Social media

   
stale

A label for stalebot if it gets added

  
streaming

Anything related to media streaming.

  
todo

   
Tor

Anything covering the Tor network

  
WIP

active work in progress, do not merge or PR (yet)!

  
wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

  
XMPP

Extensible Messaging and Presence Protocol

  
[m]

Matrix protocol

  
₿ cryptocurrency

   
ℹ️ help wanted

   
↔️ file sharing

   
⚙️ web extensions

Browser Extension related issues

  
enhancement

   
software removal

   
💬 discussion

   
🤖 Android

   
🐛 bug

   
💢 conflicting

   
📝 correction

Correction of content on the website

  
🆘 critical

   
📧 email

   
🔒 file encryption

   
📁 file storage

   
🦊 Firefox

Firefox & forks, about:config etc.

  
💻 hardware

   
🌐 hosting

   
🏠 housekeeping

Anything primarily related to site cleanup.

  
🔐 password managers

   
🧰 productivity tools

   
🔎 research required

   
🌐 Social News Aggregators

   
🆕 software suggestion

   
👥 team chat

   
🔒 VPN

Virtual Private Network

  
🌐 website issue

*Technical* issues with the website.

  
🚫 Windows

   
👁️ browsers

   
🖊️ digital notebooks

   
🗄️ DNS

Domain Name System

  
🗨️ instant messaging (im)

   
🇦🇶 translations

Anything covering a translated version of the site

No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1206
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?