Luxembourg ~ Google DNS.

[Chris]

Hi there,

We are weighing the pros and cons of each DNS. While they may have a good case privacy and location wise, OpenNIC has been less than reliable in our experience.

[Indingo]

Thanks Indigo.

Im using the BRLU01 (LUX) now

IP                     Hostname                   ISP                    Country
62.141.38.230    none    myLoc managed IT AG    Germany


Reuben, Chris, will be you be changing the USA Google DNS soon on the new swiss and some of the lux servers?

Alright, cool. that DNS is run by OpenNIC and has logging disabled. Glad you got the config fixed, I hope the DNS gets fixed on these servers, as there is no real reason to not use non-logging OpenNIC/GermanPrivacy/SwissPrivacy foundation DNS servers over the ones that good provides.

[Indingo]

Hi there,

We are weighing the pros and cons of each DNS. While they may have a good case privacy and location wise, OpenNIC has been less than reliable in our experience.

Then why not use Swiss/German Privacy foundation servers? When I first brought the issue up you said it was because of server downtime. I was playing around and for me the up-time seems to be at a good 99%+, If you really wanted to you could use one of each DNS servers, but really you don't need to, they have never failed on me or been down before, I think they are more then adequate, and the privacy value is much greater then with Google or OpenDNS. Its one of the reasons I asked for a "Input DNS" box in the new version of the client, so if people wanted to use their own DNS server, they can.

(Or maybe just use the Default DNS for the OpenVPN server we are connecting on, which most other VPN companies do, and BolehVPN did before changing it for some reason)

Just to give a clear explanation to why Google is a bad DNS provider for a VPN service.

(Privacy

It is stated that for the purposes of performance and security, only the querying IP address, which is deleted after 24 hours, ISP, and location information (kept permanently) are stored on the servers.[15][16][17]

According to Google's privacy policy, "We [Google] may combine personal information from one service with information, including personal information, from other Google services". While there is no mention of the DNS service in the main policy—the privacy page of the DNS service states that information is not "correlated or combined" with "personally identifiable information"—the question remains whether a generic but persistent tracking identity is considered "personally identifiable information".[18])

In bold is the issue, using the exploit I have explained before they can correlate DNS requests to email accounts, YouTube and pretty much anywhere on the web with a Google trackers or analytic. Basically say goodbye to the privacy afforded by a VPN.

[robustheart]

Google is like antonym of privacy. They are always in mood to store every bit of information about every living human being on this planet. I am not that IT expert but one thing I have learned over years while using internet is google is bad for privacy and google and VPN(true) service provider have exactly opposite intentions. If alternatives are available then google should be avoided. Having said that I'll like to add I have complete trust on boleh people and I am sure they will take care of our privacy and will do what is best for boleh users.

Thanks to indingo for bringing this issue up. Truly appreciate all those users who are creating awareness and not have taken things for granted.

[Chris]

When we were testing out Swiss/Germany privacy foundation servers, we ran into periods of time where they simply didn't respond or were extremely slow. As this was on our gigabit servers, quite a few of our users were affected. Thus the move away.

We'll give the Swiss privacy foundation one last try on our new Swiss servers and see how this goes.

[Indingo]

When we were testing out Swiss/Germany privacy foundation servers, we ran into periods of time where they simply didn't respond or were extremely slow. As this was on our gigabit servers, quite a few of our users were affected. Thus the move away.

We'll give the Swiss privacy foundation one last try on our new Swiss servers and see how this goes.

That is very strange, in the past I had used them on a nearly 24/7 basis and never had issues. If it does not work out, again maybe the solution would be to manage your own DNS. I am sure there is a public list without modifications that can be trusted, I am not exactly sure because I have never run a DNS myself with OpenNIC but don't they have their own list everyone uses? If so maybe you can run your own DNS using OpenNIC's update-able list and you won't have to worry about security or downtime because you will be running it yourself. I can however say with absolute certainty that the following DNS servers are no good for privacy. (PS: If you do make your own DNS I would recommend Canada & Switzerland as your two DNS locations, as that will have the best coverage and those countries have good DNS/data laws)

Google DNS
OpenDNS
Symantec/Any Security Vendor DNS. "including C.O.M.O.D.O DNS."

I only really trust Swiss/German Privacy foundation DNS servers, and OpenNIC.

&  I would avoid Chaos Computer Club, I don't trust them.

Thanks to indingo for bringing this issue up. Truly appreciate all those users who are creating awareness and not have taken things for granted.

Thanks Robustheart.

I just want to help in anyway I can to improve BolehVPN and help out our community, I will always bring up any security or related issues when and if I find them. I just hope the BolehVPN team don't get too annoyed by my constant pestering haha.