Outage report: False DNS responses

When I was selecting the default DNS settings for the Althea firmware, I wanted to choose a few publicly available but privacy-focused DNS servers that I could reasonably expect not to store queries.

While this isn’t exactly a great comfort, considering that DNS requests are still made in cleartext, it’s marginally better than feeding more data to Google.

Or at least I thought. Recently NordVPN decided to move their public DNS server address. If they had merely shut the service down, the Althea firmware would have failed over to Mullvad’s DNS and been fine.

But instead the service now returns all queries with redirects to the server change announcement.

We have a patch in that will fix this issue in Alpha 6. Users will either have to manually delete the lines containing the IP in /etc/resolv.conf and /etc/config/dhcp on their devices or reflash with Alpha 6 once it is available Thursday.
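The manual cleanup described above can be scripted. This is an added example, not part of the Althea firmware or its patch. The function name `strip_dns_ip` is hypothetical, and `192.0.2.53` is a documentation placeholder because this post does not give the retired server's address.

```shell
#!/bin/sh
# Added example: delete every line that mentions a retired DNS server IP,
# keeping a .bak copy of each file that is changed.
# Usage on a device (placeholder IP, substitute the real one):
#   strip_dns_ip 192.0.2.53 /etc/resolv.conf /etc/config/dhcp
strip_dns_ip() {
    ip="$1"; shift
    # Escape the dots so they match literally instead of "any character".
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # Require a non-digit, non-dot character (or line start/end) on both
    # sides, so 192.0.2.53 does not also delete 192.0.2.530 or 1192.0.2.53.
    pat="(^|[^0-9.])${esc}([^0-9.]|\$)"
    for f in "$@"; do
        [ -f "$f" ] || continue              # skip files that do not exist
        if grep -Eq "$pat" "$f"; then
            cp "$f" "$f.bak" || return 1     # backup before touching the file
            # Rewrite in place via redirection, which keeps permissions and
            # follows a symlinked resolv.conf. grep -v exits 1 when every
            # line was removed; that is not an error here.
            grep -Ev "$pat" "$f.bak" > "$f" || [ $? -eq 1 ] || return 1
            echo "cleaned $f (backup in $f.bak)"
        fi
    done
    return 0
}
```
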

In response, our new default DNS server selection is Cloudflare, followed by Hurricane Electric and L3. While maybe not as privacy-focused, we can expect that these services won’t be pulling the same tricks any time soon.

We’re still in the process of playing around with DNSSEC by default, so we won’t be rolling it out with this fix, but hopefully in the next few releases.

