> safe for children<p>Ah, it's filtered.<p>Someone decides what "children" means. Someone decides what "safe" means.<p>There are people who think that not just under-16s, but <i>almost everyone</i> is incapable of making adult decisions. And different (responsible, informed) adults may come to different conclusions about what is and isn't safe.<p>Curated DNS may suit some people, but I appreciate having access to the real internet.
If anyone's wondering which are the "High-risk TLDs" blocked in the "zero" filter: CF, CG, GA, GQ, ML, TK, TOP, WIN (right now, i guess it may change any time)<p>The "kids" filter blocks the same TLDs, so it allows XXX or PORN, i guess they just block individual 2nd level domains.<p>I just looped through IANA's TLD list with a simple script to get this. The resolver returns NXDOMAIN with "negative-caching.dns0.eu." SOA for the blocked ones:<p><pre><code> $ kdig +tls ns tk @zero.dns0.eu
…
;; ->>HEADER<<- opcode: QUERY; status: NXDOMAIN; id: 39321
…
;; QUESTION SECTION:
;; tk. IN NS
;; AUTHORITY SECTION:
tk. 300 IN SOA negative-caching.dns0.eu. hostmaster.tk. 0 1200 300 1209600 300</code></pre>
Europe having already planned to launch a service which will be called DNS4EU, it looks a bit like phishing.
Source: <a href="https://joinup.ec.europa.eu/collection/ict-standards-procurement/solution/dns-rfc-1034-rfc-1035-domain-name-system/news/dns4eu" rel="nofollow">https://joinup.ec.europa.eu/collection/ict-standards-procure...</a>
Pity they couldn't get a cool IP address like Cloudflare and Google. Since without some source of DNS you can't reach dns0.eu it's good to have something memorable like 1.1.1.1 or 8.8.8.8
Warning:<p>Do not go to this site with enabled javascript! They spam your uplink DNS provider with thousands of uniq, uncachable (fingerprinting?) 'test' dns keys without your
consent, to identify & track the DNS service you are using!<p>Take a look at your DNS outbound log yourself!
Since they don't seem to be mentioned on their website, DNS Stamps are sdns://AgMAAAAAAAAAACCaOjT3J965vKUQA9nOnDn48n3ZxSQpAcK6saROY1oCGQdkbnMwLmV1Ci9kbnMtcXVlcnk ("zero" version) and sdns://AgMAAAAAAAAAACCaOjT3J965vKUQA9nOnDn48n3ZxSQpAcK6saROY1oCGQxraWRzLmRuczAuZXUKL2Rucy1xdWVyeQ ("kids" version).<p>But these are already present in the list of public encrypted resolvers (<a href="https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md">https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v...</a>).
I just use quad9:<p><a href="https://www.quad9.net/service/service-addresses-and-features" rel="nofollow">https://www.quad9.net/service/service-addresses-and-features</a>
If I choose their DNS, the website shows a text at the bottom that says "You are using dns0.eu"<p>How does the website know I'm using their DNS? I couldn't find anything in the HTTP header that would help them with this.<p><a href="https://imgur.com/fMZwxYz" rel="nofollow">https://imgur.com/fMZwxYz</a>
My router runs Unbound in order to rotate queries across a number of different DNS-over-TLS providers. I'll toss these guys into the mix as well out of curiosity just to see how it goes.
CIRA, Canada's Internet Registry, runs a number of public DNS servers[1]. The main attraction is that the service is provided by a non-profit and the data and control are held in Canada, subject to Canadian laws and regulation.<p>They also offer a number of levels of protection, from none (simply resolving the queries) to one blocking suspected malware/C2 domain and one blocking pornographic material.<p>[1] <a href="https://www.cira.ca/cybersecurity-services/canadian-shield" rel="nofollow">https://www.cira.ca/cybersecurity-services/canadian-shield</a>
They make it seem like they're affiliated with the EU, from brand colors, to TLD, and more. But of course they're unaffiliated. Seems intentionally deceptive.
Comparison to PiHole: <a href="https://news.ycombinator.com/item?id=22718670" rel="nofollow">https://news.ycombinator.com/item?id=22718670</a> and <a href="https://help.nextdns.io/t/q6hmvay/what-is-the-advantage-of-using-nextdns-over-pi-hole" rel="nofollow">https://help.nextdns.io/t/q6hmvay/what-is-the-advantage-of-u...</a>
While I don't think it should be the only choice. Recursive dns does sound like the sort of service a government should offer it's citizens.<p>Authoritative dns also sounds like the sort of service a government should offer it's citizens. I mean, sure, it would suck compared to commercial dns, but at least everybody could have a name if they wanted.
Doesn't disclose where their blocklists come from for the child product, hugely overblocks legitimate websites, has no appeals process for miscatagorisation.<p>What an awful product.
It has quite extreme filtering:<p>- No porn or other adult websites<p>- No explicit search results<p>- No mature videos on YouTube<p>- No dating websites or apps<p>- No mixed-content websites<p>- No piracy<p>- No ads
Today it's a feature. Tomorrow it becomes mandatory by law. Loosing freedom with a big bang and a hole lot of happy people because they cannot compute. There is nothing good about things like that, at least on the long run.
> 100% European<p>but is it gluten free? /s at least it's not google or cloudflare<p>it's pretty funny how a completely irrelevant broken protocol that i don't actually needed (could just type the 4 IP digits) is the central talking point of politics junkies