Use this link to get yourself a Vultr VPS www.vultr.com/?ref=8791233 Use this link to get the little daemon T shirt (also available in long sleeve, pullover hoodie, and ladies shirts) based.win/product/little-daemon-premium-short-sleeve-t-shirt/
@realcartoongirl
9 months ago
Why you say private then sellout
@Drakonak
9 months ago
Do you recommend a specific VPS from vultr or elsewhere?
@brettlaw4346
9 months ago
Got any tips for mitigating BGP attacks?
@Myname-l3h
9 months ago
Why are you being racist towards indians?
@Anon26335
9 months ago
You are so freaking racist dude, you should delete the thumbnail goofball🤡🤡
@njpme
9 months ago
Blink 2 times if you're ok. 3 times if the NSA is holding you hostage
@vlad7269
9 months ago
Don't worry he is hiding near police station
@Abhinav_Nayana_Sailen
9 months ago
Bro is off-grid...
@ultralaggerREV1
9 months ago
njp, keep posting this comment on future videos. Also ask in livestreams
@MoisesCaster
9 months ago
It's blinking like a Christmas tree
@illiiilli24601
9 months ago
@Abhinav_Nayana_Sailen bro is a deep fake
@Teddev1337
9 months ago
Love your channel man! We need people like you who care about privacy and freedom in this crazy digital world!
@kuchesezik
9 months ago
naomi brockwell, louis rossmann
@hanelyp1
9 months ago
The limit I see to privacy in this setup is it still depends on upstream DNS, and your private server may still be traced to you. To improve this you need your private DNS open for wider use, hence ambiguity of who is requesting a lookup.
@DogDooWinner
9 months ago
I just break in to my neighbors house and use his computer. A few weeks ago, his wife left him due to his apparent affinity for ladyboys. I didn't know he was in to that as well. Him and I should hang out more.
@apache937
9 months ago
his server is open and publicly available. but do you trust kenny?
@cyberdusttv
9 months ago
My limited understanding with DNS is that when one does a recursive DNS query, the queried DNS server needs to check the root server first, which eventually tells the DNS server what IP it is searching for. If this is hosted locally, only the local connection to the queried DNS server would be protected by DoH, and the DNS server making the actual query would be in plaintext still. Wouldn't it be actually worse than using a VPS, if you consider the ISP as a bad actor in the proposed threat model, since they can just read the outgoing traffic of the DNS server?
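As an added illustration (not part of the comment or the video), the Python sketch below encodes a classic cleartext DNS query and decodes it again the way any on-path party could. The sample name is constructed, and the hop list assumes a resolver that sends the full query name to every server without QNAME minimisation.

```python
import struct

SAMPLE_NAME = "mail.example.org"  # constructed sample name

def build_query(name: str, qtype: int = 1, txid: int = 0x1A2B) -> bytes:
    """Encode a classic DNS query (RFC 1035) as it travels over UDP port 53."""
    # Header: id, flags (0 = iterative query, RD off), 1 question, no other records.
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    # Root label terminator, then QTYPE and QCLASS (1 = IN).
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def observe(packet: bytes) -> dict:
    """Recover what any on-path party can read from the cleartext packet."""
    _txid, flags, _qdcount = struct.unpack("!HHH", packet[:6])
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return {
        "qname": ".".join(labels),
        "qtype": qtype,
        "recursion_desired": bool(flags & 0x0100),
    }

def upstream_view(name: str) -> list:
    """Name exposed at each hop of recursion.

    Assumption: the resolver sends the full QNAME to every server
    (no QNAME minimisation) and nothing on this leg is encrypted.
    """
    hops = ["root", "TLD", "authoritative"]
    return [(hop, observe(build_query(name))["qname"]) for hop in hops]

if __name__ == "__main__":
    for hop, seen in upstream_view(SAMPLE_NAME):
        print(f"{hop:14s} query on the wire reveals: {seen}")
```
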
@autohmae
9 months ago
yes, it's worse than a VPS.
@seanmoran6683
9 months ago
I think it's pretty silly as well
@spoopyangie
9 months ago
Not sure if it is possible with Bind9. But I am using AdguardHome as my local DNS and I set the upstream DNS server as Cloudflare's DOH. I noticed a small hit in response times for uncached requests, but other than that, all good! So, in theory, the whole DNS request is encrypted - at least till it reaches Cloudflare. And of course, blocking trackers and other nasty stuff through DNS blocklists is a very pleasant added bonus.
@authenticallysuperficial9874
9 months ago
Yeah hosting it locally would be stupid.
@pyromen321
9 months ago
I’d only host this locally if you have a script to do dns requests for random domains constantly, similar to trackmenot
@noanyobiseniss7462
9 months ago
Not just privacy but also speed when held locally. Add your frequently visited sites to your local hosts file for snappier surfing.
@harveybolton
9 months ago
There are some things it makes sense to host yourself but recursive DNS isn't one of them, you're isolating your queries to a single VPS in the cloud with no upstream anonymity. You're much better off using an on-premise DNS cache/filter like Adguard/Pihole and configuring it to use a privacy aware upstream DNS service like Quad9, over DoH of course. Route your queries over Mullvad if you're extra paranoid but that's overkill and not necessary for 99% of threat models.
@ultravioletiris6241
8 months ago
Pretty much. Adguard and Quad9 are exactly what i was going to mention
@nightmarenova6748
8 months ago
Really good comment! +1
@fildisco
9 months ago
Merry TLS 1.3 Christmas Mental Outlaw and have a happy DNSSEC New Year!! :D
@beydb
9 months ago
thank you for taking time off playing for the boston celtics to bring us this video
@somerandomguywastaken
9 months ago
Another great deepfake👏
@MentalOutlaw
9 months ago
The deepfake tech just keeps getting better
@Benito650
9 months ago
@MentalOutlaw based indeed 🙌
@maindepth8830
9 months ago
What?
@kieraisverybored
9 months ago
@maindepth8830 he is AI
@realcartoongirl
9 months ago
is his real face
@GebzNotJebz
9 months ago
number one thing you learn about DNS in networks is that its configuration has to be by IP, otherwise you have a "Chicken first or the egg" problem
9 months ago
not really, as the root servers are known ahead of time, and usually hardcoded into an app, so you can do your own recursion
@zakyia
4 months ago
How do you not have a handle?
@kidus_tv
9 months ago
Great video as always. If only DNS was real.
@freeloaderuser6793
9 months ago
The fact that I was trying to do this on the router without any success
@MentalOutlaw
9 months ago
Doing this on a router would be interesting, might be possible with dnsmasq on OpenWRT
@ozzieggg
9 months ago
@MentalOutlaw openwrt has unbound
@makam2089
9 months ago
@MentalOutlaw this is possible with Unbound package for OpenWRT.
@Swenthorian
9 months ago
When I set up an OPNsense router, I configured the firewall to capture all NTP and DNS requests, and I configured Unbound to serve DNS and to do DNS-over-TLS to Quad9, and I configured Chrony to serve NTP and to do NTPSec to System76.
@litjay3828
9 months ago
i didn't know jayson tatum knew about DNS servers
@ThatRandomGuyInTheComments
9 months ago
Holy shit that thumbnail what the fuck
@ihate4chan
9 months ago
Man, now I feel like I see him in a different (negative) light lol
@omkarnaik6305
9 months ago
He's a frustrated mental incel.
@hydr0xx_
9 months ago
@omkarnaik6305 his whitecel ass tryna cope in every way possible it seems
@thymos6575
9 months ago
@hydr0xx_ cry harder scammer
@aakarshanraj1176
9 months ago
@ihate4chan he is a salty chicken man
@davidcampos8795
9 months ago
kenny pls make more farm and lifting videos also pls put the libre podcast somewhere where it's easy to stream
@MentalOutlaw
9 months ago
checkout my farming channel www.youtube.com/@TheBasedFarm
@davidcampos8795
9 months ago
@MentalOutlaw based joel salatin
@SOULSEEKERBEATS
9 months ago
Based tech drake
@guy_autordie
9 months ago
I love how DNS-over-https is: Doh!
@petekrumb4936
7 months ago
Wow, not only a full time NBA player on the best team in the league, but you run a successful hacking KZitem channel as well? Inspirational man
@vectorvirus343
9 months ago
Also combine it with pihole to have the ultimate DNS server
@nerf2752
9 months ago
Care to explain the thumbnail? dark-skinned Sikh guy crying with a bindi. What exactly is it supposed to mean?
@mytech6779
9 months ago
The net provider can still see and log the raw IP on all the packets you send; at that point reverse DNS is a pretty trivial way to get those URL logs.
@adamm6051
9 months ago
One day when I finally will understand how computers work your videos will be very helpful to me. Too bad I know jackshit atm. Keep up the good work!
@johnvogt621
9 months ago
Hope you'll do an update when all the features you mentioned (secure hello etc) are available. Thanks
@johngleeson7919
9 months ago
Technitium DNS is another nice option, particularly if you want a GUI. It also has adblock capabilities, and can do DNS wildcard, which is helpful for self hosted applications.
@someshkilari
9 months ago
Interesting thumbnail, especially the crying person in the middle. Does it refer to anyone specific?
@Grogueman
7 months ago
His step-father, who is alleged to bang his mom in his full view.
@locusf2
9 months ago
ECH is really good if you're using TLS cipher suite based virtual host.
@LordHog
9 months ago
This video is very timely, thanks, sir
@MichaelGolpe
9 months ago
4:31 feeling the groove on that music!
@MichaelGolpe
9 months ago
@Kuznet609 Thanks 😊!
@da_revo5747
9 months ago
Bro what is that Indian character? Literally a mix of all the completely different stereotypes. 😂
@sprytnychomik
9 months ago
Mom says we already have DNS at home. DNS at home: /etc/hosts
@fuehwbdb3765
9 months ago
Uff there is some dust on your meme but I appreciate it 😂 just like my old pentium.
@MarloMitchell
9 months ago
is there a written guide?
@pajeetsingh
9 months ago
20:29 Add domain to host file.
@ncrvako
9 months ago
Mental, you are one of my favourite ytbers to love and hate at the same time. One day i will start paying proper attention to your videos teachings.
@midknightfenerir
9 months ago
You are best, thanks for information and everything you do in the community.
@007Strings007
9 months ago
Other than making your network faster does this really add anything? I mean DNS lists are public and are used to associate URLs to IPs, using your own DNS server or someone else's does not stop your ISP or anyone from seeing the IPs of the websites you are visiting and if they can see that they can do a reverse DNS search to find what website URL you are going to. Am I right about this?
@njts
9 months ago
What software are you using for your email server?
@HerbyDigitalTV
9 months ago
I want everything hosted locally.
@13thravenpurple94
9 months ago
Excellent video 👍 Thank you 💜
@alexlopez5800
9 months ago
😂 thumbnails are A1
@44544abc
9 months ago
good videos buddy - keep it up
@nikoraasu6929
9 months ago
Luke Smith is not uploading on his main channel due to focusing on creating great deepfakes for this channel, good job Luke
@adriansrealm
9 months ago
You can't add a DNS name as a DNS server, how would it know how to resolve it?
@reizaifafu
9 months ago
i never knew that Jayson Tatum also teaches how to host our own dns server
@shellcatt
8 months ago
Props for the arcade music :D
@dubstep1
9 months ago
Thanks drake
@kaydog890
9 months ago
Real men don't need a DNS, we just go directly to the IP addy
@azulamazigh2789
9 months ago
Voltr has offices in Israhell so it's not an option
9 months ago
I don't understand what this is for, or how it works. You eventually need to get the data from somewhere, and you usually want the current data, so you have to regularly ask the TLD providers or the domain owners (or someone else who asked them before, like Google or Cloudflare) for that. You can cache the data for a while, but I thought that has already been done automatically by your software (maybe the OS?), since every DNS entry has a Time To Live information. Or is this only for people who want to offer a DNS service for other people?
@nuhanfaiyaz5541
9 months ago
If someone has no knowledge of online privacy/security, password and sensitive information management, where should he start? And do you recommend to learn how to use Linux and get rid of Windows?
@sonny8085
9 months ago
Can I ask what server software you use for your Linode email server?....I was thinking of using Axigen, but am looking for advice. Thanks
@WerogIjo
8 months ago
OMG...this really works
@user-jns28bz
9 months ago
I don’t have much knowledge of DNS, and how the internet works in general, so my question is what's the difference between this and pihole + unbound?
@MarceloVeronezzi
9 months ago
04:09 This looked like straight from the hacking time scene of Kung Fury (and I mean it as a positive thing). 😁
@DontDissTheProgram
9 months ago
Interesting! ...thanks
@vzool
9 months ago
Hi, what version of bind9 you had, I have an issue here:
BIND 9.16.44-Debian (Extended Support Version)
root@dns:/etc/bind# nano /etc/bind/named.conf.options
/etc/bind/named.conf.options:1: unknown option 'tls'
/etc/bind/named.conf.options:5: unknown option 'http'
/etc/bind/named.conf.options:13: unknown option 'http-port'
/etc/bind/named.conf.options:14: unknown option 'https-port'
/etc/bind/named.conf.options:19: '{' expected near 'tls'
Any suggestions? Thanks
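An added example, not part of the comment or the video: a Python pre-flight check that compares a `named` version banner against the DoT/DoH statements present in a configuration file and lists the lines an older build would reject. It assumes the `tls` and `http` statements first shipped in the stable BIND 9.18 series; the sample configuration and its placeholder paths are constructed.

```python
import re

# Assumption: the tls/http statements first shipped in the stable BIND 9.18 series.
MIN_VERSION = (9, 18)
DOH_STATEMENTS = ("tls", "http", "http-port", "https-port", "tls-port")

# Constructed sample configuration; certificate paths are placeholders.
SAMPLE_CONF = """\
tls local-tls {
    key-file "/path/to/privkey.pem";
    cert-file "/path/to/fullchain.pem";
};
http local-http { endpoints { "/dns-query"; }; };
options {
    # https-port 8443;  (commented out, must not be reported)
    http-port 80;
    https-port 443;
    listen-on port 443 tls local-tls http local-http { any; };
};
"""

def parse_version(banner):
    """Extract (major, minor, patch) from a banner like the one `named -v` prints."""
    m = re.search(r"BIND (\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no BIND version in {banner!r}")
    return tuple(int(part) for part in m.groups())

def strip_comments(conf):
    """Blank out /* */, // and # comments while keeping line numbers stable."""
    conf = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def find_doh_statements(conf):
    """Return (line_number, keyword) for every DoT/DoH statement in the config."""
    hits = []
    for lineno, line in enumerate(strip_comments(conf).splitlines(), start=1):
        m = re.match(r"\s*([a-z0-9-]+)", line)
        if not m:
            continue
        key = m.group(1)
        if key in DOH_STATEMENTS:
            hits.append((lineno, key))
        elif key in ("listen-on", "listen-on-v6"):
            # tls/http used as transport keywords inside a listener clause
            transport = re.search(r"\s(tls|http)\s", line)
            if transport:
                hits.append((lineno, transport.group(1)))
    return hits

def preflight(banner, conf):
    """List the config lines this named build would not understand."""
    if parse_version(banner)[:2] >= MIN_VERSION:
        return []
    return find_doh_statements(conf)

if __name__ == "__main__":
    banner = "BIND 9.16.44-Debian (Extended Support Version)"  # from the comment above
    for lineno, key in preflight(banner, SAMPLE_CONF):
        print(f"line {lineno}: '{key}' needs BIND {MIN_VERSION[0]}.{MIN_VERSION[1]}+")
```
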
@coldbrew6104
8 months ago
Doesn't your own DNS server still need to look up addresses to nameservers? At least they wouldn't have records each time you visit a site, but they'll still have record of you looking it up occasionally as your DNS server refreshes its cache
@Picture_Pig
9 months ago
Vultr Vait (Walter White)
@LokiScarletWasHere
9 months ago
Another reason this setup doesn't support ECH is the browsers that support it are very picky about which DoH servers they will allow for ECH. I tested even with a server with a real cert, with different SSL libs, and it simply will rarely if ever allow ECH on a personally owned server. They only trust certain parties for use with ECH, whether it be Chrome/Chromium or Firefox.
@apache937
9 months ago
is there any reason for that? there may still be some advanced config change possible, or at worst case build from source with your server added. but who will do that?
@LokiScarletWasHere
9 months ago
@apache937 Well, seeing as DoH is the big tech version of DoT, and no browser supports ECH with DoT either, I'm sure you can infer a pattern. A build from source with your own server trusted would do the job in theory, but like you said, ain't nobody gonna do that.
@paxdriver
9 months ago
21:45 "it's a trap!" lol
@CMDRunematti
9 months ago
I'm using a raspi with pihole and unbound... Don't think it's encrypted tho but I definitely am more secure
@davidholland6164
9 months ago
I host adguard home on my raspberry pi with encrypted dns it's great
@jim7251
9 months ago
Good solution, if reverse-DNS lookups are not routinely done by ISPs on general population.
@pizzza5452
9 months ago
The thumbnail lmaooo
@simkoo8582
9 months ago
Would Technitium DNS Server be a good option for a local DNS server? I've had it running for a few weeks, and doing the same DNS tests gives the same results as in your video, but it is 1 click setup with a web interface. It does appear to also be open source.
@RedSntDK
9 months ago
I've used Stubby and personalDNSfilter before as a Windows user and just found Technitium. Seems a lot more polished and feature rich.
@mastadon1227
8 months ago
Who makes your thumbnails ?
@brkbtjunkie
9 months ago
Is this different than the dns caching on a edgerouter? Forgive my ignorance
@BushWckz
A month ago
OH SHIT! for a brief momento I thought you was Jason Tatum.. then yo tshirt fucked up lol
@fee6f63b
9 months ago
what was the song being played around the beginning?
@dfgdfg_
9 months ago
Any issues using DNS over TLS? Should I switch?
@RespectRazz
6 months ago
Ayo it's Jayson Tatum
@MattCamp
9 months ago
should make a Nix Flake for this...
@whateveritwasitis
9 months ago
if this is supposed to be for script kiddies and noobs, one only need read the comments to go completely insane. every argument sounds right. it's maddening.
@shephusted2714
9 months ago
just make your pihole do recursive dns, no need for overpriced linode instance #unbound
@tommyking626
9 months ago
When you are able to and your isp didn't do dns redirect on ports 53, then using pihole is better. But if your isp is redirecting ports to their dns server, then using vps is the right way to do it. #unbound team
@vandorb12
9 months ago
Thanks for the tutorial and it's certainly a step that I plan to take with my network. My problem is that i want to keep tabs on all dns traffic and having DoH client-side is not ideal for that. Hopefully you or some forum guru will come out with an easy to follow guide for local recursive secure DNS when communicating with the outside world.
@hanabiilesley
9 months ago
awesome vid
@andysurfer318
9 months ago
Could you setup on bsd?
@chickenwings273
8 months ago
noob question i thought no matter what i did my isp would still be able to see what website i visited?
@wartsonballs
6 months ago
This is how the internet functions, in a nutshell: The data you want to send to a server is usually encrypted before being sent to your ISP, therefore, no one between you and your ISP can snoop on your data. The ISP then, connects to the server you want to access and dialogues with it for you. You query 'mental outlaw', on youtube. Your ISP encrypts this to prevent snooping and sends this to their own server. They then decrypt this at their server and send it over to KZitem. A VPN Client will redirect your query to their server instead and will use a different method than the ISP to encrypt the query, and sends it in this format to the ISP, here the ISP has no idea what the content is, and due to the VPN clients redirect, the ISP sends this to the VPN server instead. The VPN then connects to KZitem for you. So using a VPN, or similar technology prevents ISPs from seeing your activity, all they can see is that you're connecting to a VPN server.
@pajeetsingh
9 months ago
5:40 Imagine not having own CA.
@prec1sion548
8 months ago
Big problem with this is DNS Amplification.
@ankuryogi3298
9 months ago
Awesome
@Kankooro
9 months ago
With every one of these videos, I think I understand less and less. I probably should take a class.
@Wolferia
8 months ago
I love u mental outlaw
@hujwtf
9 months ago
hey just want to let you know - don't you ever even try to host public DNS server unless you know what you're doing. I have abandoned my project of free public uncensored DNS over HTTPS server after just 3 months, because there is basically no way to block DNS amplified DDoS attacks when you are just a single guy with some servers. You have to use other antiddos solutions which are compromising users' privacy. Hosting DNS servers is a nightmare. Even bigger than hosting your own mail server.
@posturegap745
9 months ago
Don't forward dns servers keep records of responses?
@papato20
9 months ago
finally!!!!!!!!!!!!!!!
@timothypulliam2177
9 months ago
Curious why you disable PAM in sshd config
@Rickety3263
9 months ago
Or you could just turn on the resolver on your pfsense
@frogery
9 months ago
very cool
@crowlsyong
9 months ago
Plz make update video when encrypted client hello is available
@kenny-ou5pn
8 months ago
Doesn't the ISP have the records of all the sites you've visited?
@gteixeira
8 months ago
If the DNS request was done outside the ISP (like it is here), they will only see the IP. It makes it harder for them to log your browsing habits.
@flooooooooooooooooo
8 months ago
My ISP is comcast and they will reroute every DNS query to their servers 😦
@SlashCash29
8 months ago
based
@nuclearnator
9 months ago
Can i do this on a raspberry pi?
@StaryWkurwiony
9 months ago
i don't get these privacy setups - DNS/VPN/proxy/you name it, on someone else's computer (cloud). it's nonsense.
@Kyller3030
9 months ago
Some other comment mentioned that doing it this way is the only way around it if your ISP uses that port to redirect to their own dns or something like that
@RazoBeckett.
9 months ago
i wanna do it for pihole how to do that ?
@neff6106
8 months ago
Why would this even matter when you could use your ISP's DNS servers? I can understand the benefit in an enterprise network, but not in this sense.
@Angel_0987
6 months ago
bruh
@neff6106
6 months ago
@Angel_0987 ???
@wartsonballs
6 months ago
Using your ISP's DNS allows your ISP or your government to collect data about you. If this ISP gets compromised, your information could be released to the public, or if your government turns a little tyrannical, you could get in trouble for saying bad stuff about it in the past. These are just two examples, there's more stuff that could happen.
Comments: 349