04/13/2017 (Thu) 18:12:29
I'm using Unbound right now, as a cache and authoritative server. So I'm directly connected to the root server, without using any proxy. Moreover, I have a little protection called DNSSEC.
The only drawback is that it's not encrypted. But I personally hardly trust OpenSSL anymore, nor Tor. Maybe the encryption itself is not at risk, but they don't need to break the encryption itself to get the info, as the leaks showed (see the conference of this guy saying that it's the government that forced the creation of an overly complicated SSL standard to generate exploits easily). So that's a great compromise for me, since I cannot be censored at the DNS level.
I don't understand why there are not more people using Unbound on their main computer. You just need to modify the configuration of the DHCP to forbid it from changing resolv.conf.
Moreover, you can use Unbound through OpenVPN, and that's great. And last but not least, you can apply restrictions directly in Unbound, forbidding the server from asking for the IP address. It's better than an /etc/hosts restriction because nothing is going out of your computer.
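
Added example, not part of the original post: a configuration sketch of the setup described above (local validating resolver recursing from the root, DHCP kept from overwriting resolv.conf, names blocked inside Unbound). The file paths, the blocked names and the use of the ISC dhclient client are assumptions.

```conf
# ---- /etc/unbound/unbound.conf (assumed path; varies by distribution) ----
server:
    # Listen only on loopback so the resolver serves this machine alone.
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    access-control: 0.0.0.0/0 refuse

    # Recurse from the root servers directly; no forward-zone is configured.
    # Assumed path to a root hints file.
    root-hints: "/etc/unbound/root.hints"

    # DNSSEC validation against the root trust anchor, which Unbound keeps
    # up to date itself (RFC 5011). Assumed path.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    # Treat answers with stripped DNSSEC data as bogus instead of insecure.
    harden-dnssec-stripped: yes
    harden-glue: yes

    # The queries are not encrypted, so send each upstream server only the
    # part of the name it needs to answer.
    qname-minimisation: yes

    # Local restrictions: these names (placeholders) and everything below
    # them are answered by Unbound itself, so no query for them leaves
    # the machine.
    local-zone: "blocked.example." always_nxdomain
    local-zone: "tracker.example." refuse

# ---- /etc/dhcp/dhclient.conf (assumes the ISC dhclient DHCP client) ----
# Ignore the name servers offered in the DHCP lease and always write
# 127.0.0.1 into resolv.conf instead.
supersede domain-name-servers 127.0.0.1;
```

Running `unbound-checkconf` on the Unbound file reports syntax errors before the service is restarted.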