If you're not using PTR records, you don't need it. They're only called to resolve the domain used by encrypted upstream and won't see your regular DNS traffic. Except for Cloudflare's 1.1.1.1 (which serve valid TLS cert for its IP), most encrypted servers use domain, and since DNS is supposed to resolve domain, you need a plain unencrypted server that doesn't require you to resolve any domain before using it. Note that you can put multiple servers on both upstream and fallback, so the regular upstream can have its own redundancy by having multiple servers you're fine with for normal use, eg, you can put AdGuard DNS and Mullvad there, and the fallback will only be used if both are down.īootstrap is only required if you use DoH/DoT/DoQ. For example, let's say you disagree/distrust Google's DNS privacy policy, but are willing to accept that if your regular upstream fails, it's better to have Google handle the traffic than not being able to resolve anything. - Online reporting tool for missed ads/false positivesįallback is to be filled by servers you're very sure will always work, but don't prefer to use unless all of the usual servers you want fail.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |