On 17/05/2020 16:57, mick wrote:
Hi Guys
This may be deemed off topic because it is not strictly directly Linux related, although all the machines involved are running Linux. However, there are some networking experts here and I would welcome a view on something that is driving me nuts.
The background is that I am experimenting with moving all my DNS lookups to DNS over TLS (to preserve privacy). I run local dnsmasq caching resolvers on two of my internal networks and for a while now I have forwarded upstream DNS requests to one of four unbound resolvers running on my OpenVPN end points. (So if I use the VPN on the machine called tap, I forward requests to unbound on tap).
{SNIP}
OK, I know you've found a solution to your problem.
Random musings:
Opendns - It logs, that's a shame. It alters results? It can remove links to certain sites, e.g. adult or gambling etc, which is why some people use it. If memory serves, it sometimes also takes you to a search page if the domain does not exist. If you use dnsmasq, you can enter the IP of this landing page under "bogus-nxdomain" which means that dnsmasq knows that the search didn't work. Dunno if that's of interest.
Which name servers don't log you? The ones at the end of your post?
Have you considered using pihole? It does site-wide dns lookups and drops "spammy/malwarey/bad/advertisey" domains. I think it also caches your lookups. Dnsmasq can also cache your lookups.
You could set up dnsmasq to look up via a pihole server, and pihole to look up via whichever non-logging server, or list of servers you choose. With caching, only your initial lookups would be slow.
Any use?
Steve
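A small checker for the landing-page behaviour Steve describes, added here as an example and not part of this thread: it asks a resolver for a random label that cannot exist and reports any addresses handed back instead of NXDOMAIN, which are exactly the values to put under dnsmasq's bogus-nxdomain=. The zone example.com, the resolver address you pass in, and the 192.0.2.1 sample address (from the TEST-NET range) are assumptions; the two sample replies are constructed so the parser can be exercised offline.

```python
import random
import socket
import struct
def encode_name(name):  # wire-format a dotted name: length-prefixed labels, then root
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, txid):  # header with RD=1 and one question, then question for name A/IN
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def skip_name(data, pos):  # offset just past a (possibly compressed) name starting at pos
    while True:
        length = data[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length

def parse_response(data):  # -> (rcode name, IPv4 addresses from A records in the answer section)
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    rcode = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(data, pos) + 4  # skip QTYPE and QCLASS
    ips = []
    for _ in range(ancount):
        pos = skip_name(data, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return rcode, ips

def landing_page_ips(data):  # addresses returned for a name that should not exist
    rcode, ips = parse_response(data)
    return ips if rcode == "NOERROR" else []  # each one is a candidate for bogus-nxdomain=

def probe(resolver_ip, zone="example.com", timeout=3.0):  # needs network; returns raw reply bytes
    label = "".join(random.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(12))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(f"{label}.{zone}", random.randrange(0x10000)), (resolver_ip, 53))
        return s.recv(4096)

# Constructed replies for offline use: a hijacking resolver answering NOERROR with a TEST-NET
# landing-page address, and an honest NXDOMAIN (flags 0x8183) for the same question.
_question = encode_name("zq7xkpm.example.com") + struct.pack("!HH", 1, 1)
SAMPLE_HIJACKED = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _question
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.1"))
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + _question
```

Against a live resolver, `landing_page_ips(probe("<resolver-ip>"))` returns an empty list when the resolver answers NXDOMAIN honestly and the landing-page address(es) otherwise.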