(blog.cloudflare.com)

1895 points _l4jh | 1 comments | 01 Apr 18 12:14 UTC | HN request time: 0s | source

Show context

ComputerGuru ◴[01 Apr 18 13:18 UTC] No.16728122[source]▶

This is bad, bad, bad advice. You don't set the DNS on your local machine. That breaks things. The DNS needs to be set at the gateway. If you change your PC/mac's DNS to an external service, you won't be able to resolve any addresses on the local network.

Come on, CloudFlare. You guys know better than that. Please stop breaking the (local) internet.

replies(10): >>16728139 #>>16728143 #>>16728144 #>>16728148 #>>16728152 #>>16728177 #>>16728193 #>>16729378 #>>16729789 #>>16731793 #

1. twr ◴[02 Apr 18 02:11 UTC] No.16731793[source]▶

>>16728122 #

Unbound lets you forward queries to nameservers matched by the query (sub-)domain.

*.internal queries can be sent to the local nameserver, for example, while others can be forwarded to the public nameserver.

Minimal unbound.conf example:

    forward-zone:
        name: "."
        forward-addr: 1.1.1.1
    forward-zone:
        name: "internal"
        forward-addr: 10.0.0.1

Unbound also supports DNS-over-TLS, although stubby's implementation is much better. It's usually ideal to forward to a local stubby instance instead.

↑

1.1.1.1: Fast, privacy-first consumer DNS service