At Mon, 25 May 2020 19:51:52 -0400, "Aaron B." <aaron%zadzmo.org@localhost> wrote:
Subject: Re: Securing DNS traffic
>
> Again, I'd prefer to run my own resolvers, but can't justify the
> expense.

I would recommend begging or borrowing _any_ old used computer that can run any open-source OS (though ideally NetBSD, of course) and support at least two Ethernet ports, and set it up as a firewall (with NAT) between your home network and your ISP's router. Hook the cable modem to it and run all your own networking through it.

Then you can run your own DHCP server and resolver (e.g. unbound), your own NTP server, and possibly even some other services, such as SSH (perhaps on a non-standard port for the ISP-facing interface); as well as of course using it as a proper firewall too. With a WiFi card it can also be your access point.

I currently use my Apple Time Capsule as the router/firewall/DHCP server and run the resolver, etc. on a cheap old used server (actually on a VM running on Xen on that cheap old used server). The time capsule is technically using NetBSD too.

(Though now that Apple has dumbed down the AirPort Utility to basically cripple it, I'll soon have to migrate to a newer machine for routing -- something with better gigabit-speed throughput, as keeping the old laptop to run the old AirPort Utility is not viable.)

--
Greg A. Woods <gwoods%acm.org@localhost>
Kelowna, BC +1 250 762-7675
RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>
Avoncote Farms <woods%avoncote.ca@localhost>