🗄️ DNS provider suggestion | Lelux.fi #1208

New Issue

2019-08-24T09:54:11Z

Mikaela commented

2019-08-24 09:54:11 +00:00

(Migrated from github.com)

Basic Information

Name: Lelux
Filtering: No
Privacy policy: https://lelux.fi/privacy/
Protocols: DoT (853)
Server/Location: Luxembourg
Source: -
Type: hobby project?
Website: https://lelux.fi/resolver/

Description

Recommended by #1206 as a backup so if we list it, I guess we should also list this or it will get recommended by someone sooner or later.

Required features:

supports DoH or DoT
supports DNSSEC
doesn't log IP addresses during normal operation
- I think this is the case judging by "Haproxy TCP/HTTP logs are disabled. No IP addresses are collected." but I am not sure on query log verbosity 1, so leaving unchecked and research required

Desired features

supports QNAME minimization

## Basic Information **Name:** Lelux **Filtering:** No **Privacy policy:** https://lelux.fi/privacy/ **Protocols:** DoT (853) **Server/Location:** Luxembourg **Source:** - **Type:** hobby project? **Website:** https://lelux.fi/resolver/ ## Description Recommended by #1206 as a backup so if we list it, I guess we should also list this or it will get recommended by someone sooner or later. ### Required features:  * [x] supports DoH or DoT  * [x] supports DNSSEC  * [x] doesn't log IP addresses during normal operation  * I think this is the case judging by "Haproxy TCP/HTTP logs are disabled. No IP addresses are collected." but I am not sure on query log verbosity 1, so leaving unchecked and research required #### Desired features * [x] supports QNAME minimization

ProgressiveArchitect commented

2019-08-25 07:46:00 +00:00

(Migrated from github.com)

It seems silly to add another DNS server to an already packed list, especially when it doesn't support all the features that would make it fully privacy focused.

Mikaela commented

2019-08-25 08:42:51 +00:00

(Migrated from github.com)

I haven't been in contact with the admin (yet) nor tested support for the features it doesn't advertise. Or are you able to confirm that it's indeed missing features we require?

Amolith commented

2019-08-25 16:42:01 +00:00

(Migrated from github.com)

Unbound verbosity level 1 simply provides the admin with some high-level operational information. I've documented that in my privacy policy under DNS services though you can also run man unbound.conf and search for verbosity to read it yourself.

His setup is the same as mine too; on Debian, DNSSEC validation and QNAME minimisation are both enabled by default.

EDIT

The wording on both of our policies was inaccurate; previously, they said "Unbound query logs are enabled" and now they say "Unbound debug logs are enabled". Verbosity is set to 1 by default and neither of us modified that.

Unbound verbosity level 1 simply provides the admin with some high-level operational information. I've documented that in my [privacy policy](https://nixnet.xyz/privacy/) under DNS services though you can also run `man unbound.conf` and search for `verbosity` to read it yourself. His setup is the same as mine too; on Debian, DNSSEC validation and QNAME minimisation are both enabled by default. ## EDIT The wording on both of our policies was inaccurate; previously, they said "Unbound **query** logs are enabled" and now they say "Unbound **debug** logs are enabled". Verbosity is set to 1 by default and neither of us modified that.

👍 2

Mikaela commented

2019-09-14 18:35:38 +00:00

(Migrated from github.com)

@Amolith do you have contact to Lelux.fi? Their SSL certificate has expired ~24 hours ago and I was pinged about this in our Matrix room.

Amolith commented

2019-09-14 23:43:08 +00:00

(Migrated from github.com)

@Mikaela I do and I just sent him a message about it.

👍 1 ❤️ 1

Amolith commented

2019-09-15 21:16:19 +00:00