DNS Security over VPN

fields987

Regular Contributor
On the WAN tab I've recently enabled DNS over TLS using the CleanBrowsing security DNS, DNSSEC, and rebind protection. On LAN/DNS Filter, I've set it to router mode. I don't currently use a VPN.

My question is: if I set up a VPN (leaning toward Nord), can/should I still use this DNS config, or should I switch to Nord's DNS servers? I like the malware filtering that CleanBrowsing offers.

Thanks!
 
I can think of no good reason to use NordVPN's DNS servers over your preferred servers (and I'm a NordVPN customer).

I suppose in theory they could be faster because they are closer (in network terms) to you. But this is the same argument that can be made for using your ISP's servers, and you've chosen not to do that. Your ISP's servers should also have the additional benefit of directing you to the closest/fastest CDN.

In short, keep using CleanBrowsing.
 
Note that some VPN providers may possibly block the use of other DNS servers, as a way to prevent accidental leaks. This shouldn't be an issue however if you use DoT, unless the provider also starts blocking port 853.
 
Note that some VPN providers may possibly block the use of other DNS servers, as a way to prevent accidental leaks. This shouldn't be an issue however if you use DoT, unless the provider also starts blocking port 853.
@RMerlin, I think you mentioned in the past you use your ISP's DNS for security. From your experience, for those who would like to use something outside of their ISP, would you recommend Quad9 over Cloudflare for security, or maybe even something else, or does each one have its own pros/cons? I keep reading Cloudflare is faster than Quad9, however Quad9 does better filtering and malware. Any info is greatly appreciated.
 
I think you mentioned in the past you use your ISP's DNS for security.

I don't use them for security, I use them for performance. I trust my ISP, and I want to always be connected to the best CDN node possible (which also includes edge caches that my ISP has for various services).

From your experience, for those who would like to use something outside of their ISP, would you recommend Quad9 over Cloudflare for security, or maybe even something else, or does each one have its own pros/cons? I keep reading Cloudflare is faster than Quad9. Any info is greatly appreciated.

I have no personal preferences. Quad9 does filtering while Cloudflare does not, so those are two different target usages. It depends on whether you want DNS-level filtering or not.

As for speed, it will vary between locations. When you use Quad9 or Cloudflare, you aren't connecting to the server, you are connecting to a server, based on your location. It will depend which of these have a node that's closest to you. Any published benchmarks about speed or performance are meaningless unless you personally test it from your specific location. Montreal's distance to Quad9 and CF might not be the same as New York's or Paris's.
 
Just FYI, though maybe you already know: Cloudflare has offered malware filtering since April 1st. (no joke)
Just use 1.1.1.2 as your DNS. (DoT is not currently supported for this, but will be soonish)

Yes, as you noted, their DoT servers do not support filtering yet.
 
