ahofmann · 3 months ago
I've lost count how often I wrote 8.8.8.8 and 1.1.1.1 somewhere. Cloudflare and Google (and Quad9) understood that you need to remove friction to get more users. I hardly remember 1.1.0.0 (or is it 1.1.1.0 ?), so I've never entered that somewhere.

*Don't make me think*

According to that rule, DNS4EU is dead in the water. It took me at least 5 clicks to see their fucking IP. And there are multiple, to choose from, oh dear lord, help me! The only thing I want to know is: which IP do I need to enter, so that I can try out their service.

Everyone else understood this. Look at Cloudflare: https://www.cloudflare.com/de-de/learning/dns/what-is-1.1.1.... the IP is RIGHT IN THE URL! I don't even need to visit their website.

But OK, I get it, I'll read their stuff. So the IP could be 84.56.11.11 I think. Could be wrong. I'm pretty sure, it is wrong, because my brain didn't bother to hold that information for 30 seconds. I have multiple working DNS IPs in my brain, the new one needs good reason to get storage space in my small, stupid brain.

I know, this is an extreme take to that matter. But when you build a product, you need to understand, that 99.9% of your potential users are apes, that are bored, stressed and angry at the same time. They don't care at all about all the stuff you care about. Give them, what they need to progress. After that, they will maybe care a little bit about your product.

beng-nl · 3 months ago
Mildly unreasonable and I couldn’t agree more. This is like reading my inner monologue.
pepa65 · 2 months ago
For DoH you use the https protocol, and for DoH servers often domain names are used.
em-bee · 3 months ago
i don't know what you tried, but i found it by scrolling down and then a single click. then i went back and found that two clicks without scrolling would have done it.

you are right about the problem of hard to remember IP addresses, but i don't think it is that bad.

> They don't care at all about all the stuff you care about.

i don't understand this argument. users who don't care would not even bother to change the DNS. and those that do will change their settings once and be done with it. a memorable IP mainly benefits those that set up devices frequently.

ahofmann · 3 months ago
As others have noted, my take is slightly unreasonable, but reflects the reality of them. To be a bit less "stressed, bored and angry ape"-ish, I still see the problem with IPs, that are not as rememberable as possible, and I also think the website should have one of their IPs front and center and reachable without scrolling.

DNS Servers are a strange product. It is very high stakes and very low stakes at the same time.

Without DNS nothing works anymore. Slow servers are a major pain. DNS is *the* single point of failure in our electronic lives. So everything is high stakes.

At the same time, DNS is boring as hell. Everyone can run their own DNS server in minutes, there are resolving DNS servers everywhere, you can choose whichever, they will all work like 99,999% the same. It mostly makes no difference, at all, which DNS server someone uses.

So if someone wants to break into that market, they need to be as convincing as possible. Why should I change? How much energy does it take to change? How likely is it, that this new service will be faulty, slow, or does things different, so my users and I are blocked and therefore angry? And if they are angry, can I tell them "oh, google messed up, the internet is broken, nothing I can do here, just wait a bit", or do I have to say "sorry for selecting an unreliable service, I will repair it for you (for free)".

Google DNS and Cloudflare captured the market with "we are the fastest, and biggest, you will never experience downtime or slowness". And they proved (mostly) that I can count on that.

Quad9 take is "we are fast, big, and we will fight for freedom". Maybe. I honestly forgot, because I can already choose from two others. I just know, that if 8.8.8.8 and 1.1.1.1 fails, I try 9.9.9.9, if that also fails, my network config is definitely fried.

In this space, it is ultra hard to create a new product. Remove friction, get more users. This is all, I wanted to say.

adrian_b · 3 months ago
The behavior of that Web page is weird.

After reading your claim, I have thought that the first time I have not scrolled enough.

So I scrolled everything without seeing any information, then I have tried the "Set It Up" buttons, which have only taken me to other pages with verbose but useless information.

However, some time later, I have tried again a "Set It Up" button, and this time it showed a popup with the IP addresses or URLs of the servers, which I assume is what you have seen.

But at least for me, this did not happen at the first attempt, when I could not reach easily this information, despite performing the same steps as later.

mvdwoord · 3 months ago
Amen brother.
louwrentius · 3 months ago
If you're willing to set up your own DNS server (on a Pi or any (low-power) device), you don't need any forwarding DNS service. No Google DNS (8.8.8.8, 8.8.4.4) or OpenDNS (1.1.1.1). People sometimes tend to forget how DNS works.

If you set up your own DNS server without a forwarder, it just contacts the root servers and resolves domains through the regular DNS process.

A reason to use the DNS4EU service is if you want additional filtering that you may not be able to / or want to realise with pihole.

jeroenhd · 3 months ago
In my experience, recursive nameservers tend to be a bit slower than using cloud nameservers. Google and Cloudflare have most domains cached, so their responses are faster, especially for domains with authoritative DNS servers on the other side of the world.

Another advantage is that cloud servers can be contacted over ODoH, which encrypts the lookups and protects the privacy of the user (which isn't the case for normal DoH either).

adrian_b · 3 months ago
Your recursive nameserver should also cache any resolved domains, so a small delay could happen only if you try to access for the first time some site that you have never visited in the recent past.

In practice, I have used for decades only my own recursive nameservers and I have never perceived any slowness in comparison with computers that were using the ISP or Google or corporate nameservers. More like the opposite, presumably because my own cache always has the content that I access frequently.

elashri · 3 months ago
1.1.1.1 is Cloudflare, not OpenDNS. Also you need to use something like unbound as recursive DNS, because most people using Pi-hole or AdGuard Home run them as forwarded DNS and still need upstream. But I agree with you, I run unbound + AdGuard Home and don't need anything. I put 9.9.9.9 as fallback however because I don't have replication of the setup yet.
adrian_b · 3 months ago
Indeed, unbound is a very good choice.

In the past, for many decades, dnscache was an excellent recursive resolver and cache. Unfortunately, it has become obsolete because nowadays many DNS queries return replies so big that they must be obtained over TCP, so a UDP-only tool is no longer good enough.

bananapub · 3 months ago
well, the other reason is to avoid exposing your home IP to the DNS servers of the world.

using e.g. 8.8.8.8 means Google and your ISP can log your dns queries and tie them to your IP, running your own recursor means every DNS server you touch knows you personally looked them up.

it's important to decide your threat model.

adrian_b · 3 months ago
The threat of random DNS servers spread over the world knowing your queries is certainly orders of magnitude less than when using the Google or the ISP name servers.

For Google or for the ISP it is trivial to aggregate all your queries in order to have a complete history of your activity.

For many DNS servers distributed over the world and belonging to different organizations it is much more difficult to coordinate in order to monitor you.

In practice, your ISP is the main threat for monitoring your Internet activity, not by DNS, but by its routers, through which any packet sent or received by you must pass.

falcor84 · 3 months ago
> The official EU Public DNS Resolver is basic-level protection that everyone should have. It is important to note, however, that most organisations and individuals likely require enhanced protection.

I'm confused - what "enhanced protection" do most individuals require that they aren't providing?

hannob · 3 months ago
It's a company selling this "enhanced protection". You need it, because otherwise, they wouldn't make money.

The whole thing looks like a PR stunt for an Infosec product. Just that they somehow convinced the EU to fund it.

throw0101b · 3 months ago
CIRA, who run the .ca ccTLD, has a service available for Canadians:

* https://www.cira.ca/en/canadian-shield/

downsplat · 3 months ago
My question is, will they block sites when some e.g. Greek or Spanish authority tells them to? One thing I appreciate about Cloudflare or Google's dns-over-https servers, on top of the encryption, is that they don't block sites like Anna's Archive, whereas my local ISP sometimes does.
sceptic123 · 3 months ago
> Legal Filtering
>
> We do not apply any type of legal filtering.
teddyh · 3 months ago
They don’t seem to have reverse DNS set up correctly for the resolvers yet. Nor do the host names have AAAA records pointing to the IPv6 addresses.

AStonesThrow · 3 months ago
Do you mean for the IPv4 addresses? Because have you ever seen the ip6.arpa ranges?

https://en.wikipedia.org/wiki/Reverse_DNS_lookup#IPv6_revers...

The funny thing is that they’re reusing the IPv4 octets, that look like decimal notation, but in the hexadecimal Interface ID:

  2a13:1001::86:54:11:100

So only hilarity can ensue from misunderstanding that; but the reverse DNS may be achievable.

Not to mention the unfortunate association with IPv4 in the service name. When will DNS6EU be released? More to the point, “for” is a distinctly English word, so has “4” become an international chatspeak stand-in?

martin_a · 3 months ago
> Not to mention the unfortunate association with IPv4 in the service name.

I read it as "DNS for EU" not as a hint towards IPv4.

layer8 · 3 months ago
"4" as "for" is a decades-old naming convention. Remember log4j?
teddyh · 3 months ago
Neither the IPv4 addresses nor the IPv6 addresses have reverse lookup set up correctly, as far as I can tell. Both are eminently, and easily, achievable.
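
An added example, not part of any comment in this thread: it builds the PTR owner names discussed above (AStonesThrow's ip6.arpa remark and teddyh's reverse-lookup point) and shows what the decimal-looking groups in `2a13:1001::86:54:11:100` mean as hexadecimal. The IPv4 address used is only the one those groups imply when misread as decimal, which is an assumption; the function names are hypothetical.

```python
import ipaddress

# IPv6 address quoted in the thread. The IPv4 form below is only what its
# last four groups imply when read as decimal (assumption, not page data).
RESOLVER_V6 = "2a13:1001::86:54:11:100"


def ptr_name(addr: str) -> str:
    """Owner name of the PTR record for an address: reversed octets under
    in-addr.arpa (IPv4) or reversed hex nibbles under ip6.arpa (IPv6)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(str(ip).split(".")[::-1]) + ".in-addr.arpa"
    nibbles = ip.exploded.replace(":", "")  # always 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def decimal_lookalike(addr: str):
    """If the last four IPv6 groups use only decimal digits and read as a
    valid IPv4 address, return (implied_ipv4, values_as_hex); else None."""
    ip = ipaddress.IPv6Address(addr)
    groups = [g.lstrip("0") or "0" for g in ip.exploded.split(":")[-4:]]
    if not all(g.isdigit() and int(g) <= 255 for g in groups):
        return None
    # The groups are hexadecimal, so their real values differ from the
    # decimal reading (0x100 does not even fit in one octet).
    return ".".join(groups), [int(g, 16) for g in groups]


if __name__ == "__main__":
    implied_v4, real = decimal_lookalike(RESOLVER_V6)
    print("groups read as decimal:", implied_v4)
    print("groups as hex values  :", real)
    # The two PTR names live in unrelated zones and are delegated separately,
    # so each family's reverse lookup has to be checked on its own.
    print("IPv4 PTR name:", ptr_name(implied_v4))
    print("IPv6 PTR name:", ptr_name(RESOLVER_V6))
```

The resulting names can be queried with any resolver tool as PTR lookups to check whether a reverse zone is populated.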
miyuru · 3 months ago
missed opportunity to shorten the IPv6 address.
mid-kid · 3 months ago
How does this compare to https://www.dns0.eu/ which I've been using for years?
ptman · 3 months ago
dns4eu has some public eu money backing it, while dns0.eu has nextdns money backing it
tigrezno · 3 months ago
Only problem I see is that it's a difficult-to-remember IP address. I know Cloudflare or Google DNS because they are extremely simple.
dist-epoch · 3 months ago
Also terrible domain name, hard to remember. The DuckDuckGo mistake basically.
mousetree · 3 months ago
Why would you need to remember it once you’ve set it up?
kalleboo · 3 months ago
The techy people who are the ones who are the target for something like this aren't just setting up their home internet once, they're setting up the internet for their friends and family when they visit, getting roped in to fix the internet for their in-laws when it breaks, etc.
6r17 · 3 months ago
so you don't have to look it up every time you need to change the DNS configuration.
AStonesThrow · 3 months ago
Because, 18 months from now, you or your executrix wakes up with a hangover, and your Internet connection is down, and you or your executrix begin troubleshooting, and poking through the DNS configuration, your executrix scratches her head and exclaims “who in the world is 2a13:1001::86:54:11:100 and why did we ever add this in here?!”

And then you or your executrix reset it to 8.8.8.8 because that is distinctly memorable and unmistakable.