Hi HN - Here’s a question that I hope will generate some useful comments, suggestions and links.<p>Background for question: I normally run an internal DNS resolver with an upstream pool of 10-15 providers. These are normally a mix of Global Anycast servers (Quad9 etc) with some OpenNIC, YandexDNS etc thrown in towards the end to cover the ‘chilling effects’ blackholes.<p>Currently Yandex DNS is pinging a timeout (either due to black-holing or DDOS’ing depending on where I connect To/From).<p>My question to HN is this – Given my ‘Information Wants To Be Free’ viewpoint, are there any DNS equivalents of Switzerland (WWII, Neutral to all parties) providers?
You could just run a recursive resolver yourself by using the root hints. You don't need to delegate your DNS queries onto a third-party resolver like Quad9.<p><a href="https://www.iana.org/domains/root/files" rel="nofollow">https://www.iana.org/domains/root/files</a>
I know this isn't quite what you're asking for, but one idea is to set up a Pi-hole + unbound: <a href="https://docs.pi-hole.net/guides/dns/unbound/" rel="nofollow">https://docs.pi-hole.net/guides/dns/unbound/</a><p>Unbound is basically your own private DNS resolver and then Pi-hole lets you filter out whatever "junk" you don't want.
>My question to HN is this – Given my ‘Information Wants To Be Free’ viewpoint, are there any DNS equivalents of Switzerland (WWII, Neutral to all parties) providers?<p>Presumably the root and authoritative servers. Which is why I use a local recursive resolver rather than any upstream/third party resolvers.<p>You should try it. It's easy and fun!
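A sketch of the local recursive resolver suggested in the comments above, added here as an example and not taken from any commenter or from the Pi-hole guide. The file paths, the port and the loopback-only listener are assumptions. Queries from a resolver like this to the root and authoritative servers travel unencrypted, so an on-path network can still observe them.

```conf
# Added example: minimal unbound.conf for a full recursive resolver.
# Paths and port are assumptions; adjust them for your system.
server:
    # Listen on loopback only; a LAN-facing filter such as Pi-hole forwards here.
    interface: 127.0.0.1
    port: 5335
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Start resolution at the root servers, using a local copy of the
    # IANA root hints file (https://www.iana.org/domains/root/files).
    root-hints: "/var/lib/unbound/root.hints"

    # Validate DNSSEC from the root trust anchor and reject stripped signatures.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes
    harden-below-nxdomain: yes

    # Send each authoritative server only the labels it needs to answer.
    qname-minimisation: yes

    # A local recursor starts with a cold cache; prefetch refreshes popular
    # records before they expire so repeat lookups stay fast.
    prefetch: yes
    msg-cache-size: 64m
    rrset-cache-size: 128m

    # Do not answer id.server / version.bind probes.
    hide-identity: yes
    hide-version: yes

# Deliberately no forward-zone. A block like the one below would hand every
# query to a third-party resolver, which is what this setup avoids.
# forward-zone:
#     name: "."
#     forward-addr: 9.9.9.9
```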
Google DNS should at this point be considered harmful. Devs love to hardcode it in resolvd because 'user experience' but there's ample evidence it's just analytics.<p>Quad 1 Cloudflare is reliable DoH but comes from a company with a history of bloviating nonsense about internet freedom only to eagerly capitulate to Twitter lynch mobs and blacklist a customer or ten.<p><a href="https://dnscrypt.info/public-servers/" rel="nofollow">https://dnscrypt.info/public-servers/</a> will give you a nice list of DoH to try out. YMMV however as many are sporadic.
Given you only mention censorship/chilling effect and not privacy - why isn't 8.8.8.8 sufficient? Have there been instances of domains it censored and stopped resolving that I'm not aware of?<p>I guess I'm confused on the benefit (theoretical or practical) one would get by using that variety of resolvers. Is it just to prevent theoretical censorship at the DNS level?
Shameless self promotion: Try Control D - <a href="https://controld.com/free-dns" rel="nofollow">https://controld.com/free-dns</a><p>There are many different types of resolvers, blocking and unfiltered. We're adding global ECH support in the coming weeks. There is also a paid plan if you need more control.
ControlD, DNS.sb and LibreDNS for instance. The latter two are open source.<p>I think non-discriminating DNS providers are rather the norm and not an exception though.
You could try Uncensored DNS: <a href="https://blog.uncensoreddns.org/" rel="nofollow">https://blog.uncensoreddns.org/</a>
<p><pre><code> 103.196.38.3
103.196.38.8
</code></pre>
Globally anycasted plain vanilla name resolution. I don't publicize it because I don't have anything to gain from more users, but you are free to use them.
<a href="https://www.opennic.org/" rel="nofollow">https://www.opennic.org/</a> and downstream providers from there are quite good: <a href="https://servers.opennic.org/" rel="nofollow">https://servers.opennic.org/</a>
Personally, I use NextDNS on a paid plan (£17/year). Full control, can change to no logs, or logs stored in Switzerland. They have a free plan too.
>Given my ‘Information Wants To Be Free’ viewpoint, are there any DNS equivalents of Switzerland<p>That's exactly why Quad9 changed its HQ to Switzerland:<p><a href="https://www.switch.ch/news/quad9-moves-to-Switzerland/" rel="nofollow">https://www.switch.ch/news/quad9-moves-to-Switzerland/</a>
I use dnscrypt-proxy[0] which round-robins to a bunch of upstream servers, plus encryption.<p>[0] <a href="https://github.com/DNSCrypt/dnscrypt-proxy" rel="nofollow">https://github.com/DNSCrypt/dnscrypt-proxy</a>
Question after reading (very interesting) answers: what is the downside of using the root servers instead of the well-known ones? (1.1.1.1, 8.8.8.8, ...)<p>Is it the cache that improves resolution speed in a meaningful way?
You might want to look up "geo-politically stable" web hosting. Aside from that, Epik.com has traditionally been quite supportive of free speech (even if it's Trump supporters).
The DNS (as it exists today) is supposed to be the equivalent of Switzerland. The internet community has said over and over again they're not interested in censoring the internet or removing any group of people from it.<p>It sounds like what you really want is your own recursive resolver.
Note that even Switzerland could not stay neutral this time and enacted severe sanctions against Russia.<p>Maybe staying neutral has the higher cost to a free society (and thus „information wanting to be free“) in the long term?