I’m currently using Mullvad DNS with a profile on iOS and I’m having issues with resolving some websites.
Don’t get me wrong, Mullvad DNS works fine when using the VPN, but when it comes to choosing a main DNS resolver I’m looking for a more stable provider.
What do you recommend or use personally as your main DNS server when you don’t use a VPN?
(Preferably, with ad blocking or at least malware blocking)
Your DNS server can still see what websites you want to visit. It’s just a little bit more complicated for your ISP to see what websites you request through DNS. Because of SNI and other things in the DNS protocol, your ISP will still see what websites you request.
But if the traffic is encrypted, it can be more complicated to manipulate DNS as a MITM.
I personally wouldn’t use Cloudflare or AdGuard. Both are commercial companies which probably collect data for the US (in Cloudflare’s case) and the Russian (in AdGuard’s case) governments. Cloudflare is too big. There are a lot of independent free DNS providers from non-profits. The only reason to use something like Quad9 or Cloudflare is if there isn’t a trusted DNS provider in your country and all others are too slow.
I stopped using any of the advanced Mullvad DNS providers as I would run into weird issues with websites loading; I even had cases where Mullvad’s own website wouldn’t load sometimes, using their adblock or base profile, so I switched back to using Quad9 and Cloudflare and letting my pi-hole do its job with the adlists.
Continuing to say they can’t be trusted when they’re open source, not headquartered in Russia, have openly answered many questions about their operations, and actually have very few staff left in the country is just FUD.
Using a custom DNS server is not recommended by PG. Please ensure your threat model allows for that.
In my case, it does, and I find NextDNS to be good for blocking ads, trackers, and threats at a network level. I find the free tier of NextDNS the best for this. If you don’t mind paying, I heard that Control-D is also good. Then there is Adguard personal DNS as well, but I find it a bit confusing and had latency issues.
There may be more but these are what I’m aware of.
I just self-host an authoritative resolver on my own. Probably not as fast as the commercial public resolvers out there, but now I’m self-reliant and control my query data myself.
Bind9 isn’t that hard to manage, and if you prefer a GUI there’s Technitium DNS too. Bind9 coupled with AdGuard Home basically lets me emulate NextDNS myself. Technitium can even be authoritative without needing Bind9 and filter ads itself, but I prefer AdGuard Home’s more modern and simpler query log view.