[nmglug] IPv6, cloudflare and related issues

Anthony J. Bentley anthony at anjbe.name
Mon Jul 13 03:03:53 PDT 2020


Hi LeRoy,

LeRoy Diener writes:
> I heard that using 1.1.1.1 or 1.0.0.1 offers advantages of privacy against
> ISPs

This only really happens if you use the DNS-over-HTTPS or DNS-over-TLS
services provided by CloudFlare.

The tradeoff is that all your DNS traffic gets sent to CloudFlare when
it wasn't sent before, but your ISP now has less visibility into it.
Personally, I'd make that trade, because I while I distrust CloudFlare,
I distrust Comcast and Centurylink even more.

There are two ways to do so: configure individual applications to do so
(I believe both Firefox and Chrome allow this configuration, although
very few other programs do), or run a DNS cache on your local network.

Personally I use Unbound as a DNS cache. When devices on my LAN ask for
nameserver addresses, my router is configured to point to the IP of the
Unbound server (which in my case happens to also be the router, but you
could run Unbound on any machine on your network as long as it's got a
static IP).

> I edited IPv6, adding* 2606:4700:4700::1111,2606:4700:4700::1001*
> When I test it at https://1.1.1.1/help it's not working right.

I suppose the obvious question is, does IPv6 work for you under normal
circumstances? Many ISPs don't support it even in 2020. I'm quite sure
CenturyLink doesn't and I've never gotten it to work under Comcast
either.

-- 
Anthony J. Bentley


More information about the nmglug mailing list