Dns.watch or 1.1.1.1?


#1

Hi,

Currently, I’m using DNS of dns.watch. I couldn’t find any difference in speed, though I would like to know any other difference. Is there anyone coming from dns.watch? If yes, please provide the reason to move on to 1.1.1.1.

Thanks in advance.


#2

“No censorship. No Bullshit. Just DNS.”

Some of the “bullshit” Cloudflare does and DNS Watch doesn’t (I couldn’t find any information about it) is to protect your DNS requests with DNS over HTTPS which encrypts all requests.


#3

I have used DNS.watch’s DNS servers for the past few years and was fairly happy with the results, right up until they had a full-scale service outage (see this for the best Tweet about it https://twitter.com/joergmattiello/status/960181757143371778), that crippled my entire infrastructure, for a few days. The response to the outage was less than impressive - I still don’t know what went wrong, how they fixed it, or if it could happen again. I didn’t really like not being able to talk with the provider, not even a Twitter account, AFAIK.

I am a CloudFlare customer, hosting domains and protecting my websites, both as a personal user and as a business user. The FREE services are perfect for my very small usage and fit my wallet.

The reason that I moved from DW (84.200.69.80, 84.200.70.40), to CF (1.1.1.1, 1.0.0.1) is to strengthen that customer relationship, but more importantly, to move to a DNS-over-TLS service (I don’t believe anybody has the right to track and record my every move - however law-abiding I am - what if searching for cat videos becomes illegal in the dystopian future and our overlords can search my DNS queries for retrospective transgressions - I’d be borked!).

However, this is moot, as I have been experiencing problems on my home/test network, where my TV cannot play videos on Amazon Prime Video, or Netflix - as soon as I moved back from CF to DW, problem resolved. If they resolve (LOL) the issues, then I’ll be back.


#4

Mark - I understand that CF makes DoH possible, but that my router or browser must be set up specially to use it, and that’s not easy for a non-tech such as myself.
Will CF be providing any guides as to WHICH routers or software and WHICH browsers make DoH possible, and what the settings need to be?


#5

Is that related to the dnsmasq problem with Samsung TVs?

@glnz using both encrypted DNS standards is a bit convoluted right now as they’re both fairly new. You either have to install a local proxy or use Firefox Nightly with TRR configuration. Eventually it should be as easy as picking your default search engine, but it’s not quite there yet. We’ll try to keep up with practical guides to make this as easy as possible.


#6

mvavrusa - Does Simple DNSCrypt (new version) do the job? See https://simplednscrypt.org/.


#7

I don’t know. I’m using a pfSense virtual router, configured in DHCP, to be the local network’s DNS server.

The pfSense is set up to forward all DNS requests that it doesn’t know how to serve, to the Settings->General Setup->DNS Servers, as forwarders.

So my TV was able to resolve some things - like youtube.com, netflix.com & video.amazon.com, but video thumbnails were unavailable in YT & Netflix & Amazon videos wouldn’t load at all.

It may have been related to some of the 1.1.1.1 issues that CF was experiencing, so I’ll try again on the weekend - hopefully a week will be long enough to resolve the teething problems.

Interestingly, my iPhone on the same LAN and DHCP, was able to resolve all the things.


#8

I can only help with pfSense https://www.netgate.com/blog/dns-over-tls-with-pfsense.html


#9

OK, for the sake of completeness, I found the cause (but not the root) of the problem I was experiencing.

Both pfSense and OPNsense were exhibiting the same problem and that was when I had the Unbound DNS Resolver turned on and configured, DNS would regularly and completely fail & it’s somehow tied to the Unbound DNS resolver service, because when I disable it and switch to DNS forwarder only, the problem vanishes.

I initially thought it was snort, being a pig, but after disabling that & then DNSBL and then pfBlockerNG, none of them were affecting the DNS service - the problem lies with Unbound - the only reason I was using it, is that using DNSBL on pfBlockerNG requires that you enable and configure Unbound. A bit annoying, since I switched to pfSense, to enable site-wide ad-blocking!

UPDATE: The problem is with “Enable DNSSEC” - with that turned OFF, there appear to be no problems.
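An added example, not part of the original post: one way to tell a DNSSEC validation failure from a plain resolution failure is to send the same query twice, once normally and once with the Checking Disabled (CD) bit set, and compare the response codes. The function names and the sample response headers below are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, cd=False, do=True, txid=0x1234):
    """DNS query bytes. cd=True sets Checking Disabled; do=True adds EDNS0 with DNSSEC OK."""
    flags = 0x0100 | (0x0010 if cd else 0)            # RD, plus CD when requested
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1 if do else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN
    if do:
        # OPT RR: root owner, TYPE 41, CLASS = UDP payload size, TTL field carries DO
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return msg

def parse_header(msg):
    """Decode the fixed 12-byte DNS header of a response."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": txid, "rcode": RCODES.get(rcode, str(rcode)),
            "ad": bool(flags & 0x0020), "cd": bool(flags & 0x0010), "answers": an}

def classify(normal_resp, cd_resp):
    """Compare the validating answer with the CD=1 answer for the same name."""
    n, c = parse_header(normal_resp), parse_header(cd_resp)
    if n["rcode"] == "SERVFAIL":
        # Data arrives once validation is skipped: the validator rejected it.
        if c["rcode"] == "NOERROR":
            return "dnssec-validation-failure"
        return "resolution-failure"                   # broken with or without DNSSEC
    if n["rcode"] == "NOERROR":
        return "validated" if n["ad"] else "resolved-unvalidated"
    return "other:" + n["rcode"]

# Constructed sample response headers (QR|RD|RA plus the bits under test).
SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 1)
NOERROR_CD = struct.pack("!HHHHHH", 0x1234, 0x8190, 1, 1, 0, 1)
NOERROR_AD = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 1)

if __name__ == "__main__":
    print(classify(SERVFAIL, NOERROR_CD))
    print(classify(SERVFAIL, SERVFAIL))
    print(classify(NOERROR_AD, NOERROR_CD))
```

In practice the two queries from `build_query` would be sent over UDP port 53 to the local resolver and the raw replies passed to `classify`.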


#10

That would most likely be dns.watch breaking some DNSSEC stuff. It’s not easy to get that done right (own experience).


#11

That’s not with DNS.watch, it’s with 1.1.1.1 and 1.0.0.1