====== DNS ====== tumaBox offers a public DNS service. Why should you use our DNS? Because: * You don't want your ISP or other DNS provider to forbid/forge/redirect the domains that you access. We only return true responses as received from authority servers. * You don't want your ISP or other DNS provider to log any domain that you access and build profiles on you. We don't keep logs of the domains that you access. We don't do profiles. We respect your privacy. * You don't want your ISP or other DNS provider to snoop every domain that you access. You'll have to use [[http://dnscrypt.org/|dnscrypt]] for this (see below) and also an encrypted protocol in your application (such as https, ssh etc.) * You don't want to depend on US based ICANN and you don't want to support their monopoly on domain names. We use [[http://www.opennicproject.org/|OpenNic]] root servers. * You want to access non-ICANN (unofficial) domains supported by [[http://www.opennicproject.org/|OpenNic]] === Advantages === * We do not log domains or ips. * We only provide answers as we receive them * We use [[http://www.opennicproject.org/|OpenNic]] root servers. These are alternative community supported root servers that include all "official" domain names but also provide new TLDs that are not accessible when using "normal" DNS servers. You get access to .bbs .geek .pirate .indy TLDs and many more. For a complete list of OpenNic TLDs (that are not accessible with "normal" DNS servers) see [[http://wiki.opennicproject.org/OpenNICNamespaces|here]] * We provide [[http://dnscrypt.org/|dnscrypt]] service. This means that all domain queries and answers move encrypted between your computer and our servers. * We support both ipv4 and ipv6 * It may be faster than your current DNS provider === Disadvantages === * It may be slower than your current DNS provider * We don't currently support DNSSEC so there's still a possibility of forging by an upstream server * There is no such thing as end-to-end encryption in DNS. Even if you use dnscrypt the information will move unencrypted between our server and upstream servers ===== How to use ===== Simply point set your nameserver to: 195.201.136.235 for ipv4 or: 2a01:4f8:1c1c:6694::1 for ipv6. Refer to your operating system documentation for how to do this. ===== Dnscrypt ===== If you want the queries and answers to move encrypted between your computer and our server you'll have to use dnscrypt. See [[http://dnscrypt.org/|here]] how to install a dnscrypt client on your computer. You'll need the following information: * ip: 195.201.136.235 or 2a01:4f8:1c1c:6694::1 * port: 5353 * provider name: 2.tumabox.org * provider key: D591:7B11:6A35:3114:C238:AA99:A6EB:0C28:7CF7:6805:41AC:5DBF:A8A0:239E:228C:5B06 ===== Warnings ===== By using this service you take full responsability. We do NOT take any responsability whatsoever. The terms and/or availability of this service may change without prior notice. Unfortunately the internet as it is makes IP spoofing available which makes many attacks possible. The way DNS was designed makes it a particularly interesting target for such attacks with DNS amplification attack being one of the most popular. We do not want to support such attacks and this is why **we reserve the right to rate limit, mask particular domains or block access to this service entirely without any notice**. If you this doesn't suit you please don't use our DNS service. The rate limits are designed for a typical personal computer or home network. **If you're usage pattern needs more than this use dnscrypt**.