As long as you’re not using DNSSEC, you can easily run your own. I’ve been running a PiHole for years now, it can pull in block lists and such from various sources, it’d be fairly easy to add a list to pull in automatically that include extra records. Those could be served from anywhere. Torrents, git repos, http calls, etc.
Note that with just pihole you would still be affected by this, since pihole needs an upstream dns server to get it’s data from.
But if you set up pihole with unbound you will be OK, since unbound then will do the job of getting data from the root servers without another upstream dns.
While others suggested adding the DNS records manually the far more secure and easier in the long term solution is to run pihole with unbound. Going this route completely eliminates third party upstream DNS servers as unbound will query the top level domain for their authoritative name server and direct the IP address from the source. Pihole has a great explanation on their website. I like crosstalk solutions on setting it up as it’s has everything you need just to copy paste your way into it working.
As long as you’re not using DNSSEC, you can easily run your own. I’ve been running a PiHole for years now, it can pull in block lists and such from various sources, it’d be fairly easy to add a list to pull in automatically that include extra records. Those could be served from anywhere. Torrents, git repos, http calls, etc.
Note that with just pihole you would still be affected by this, since pihole needs an upstream dns server to get it’s data from.
But if you set up pihole with unbound you will be OK, since unbound then will do the job of getting data from the root servers without another upstream dns.
I my experience it is also faster.
I believe you can use DNSSEC directly with root servers.
Would pihole work if all the major DNS that gets pulled resolved the same? I would imagine the change would only work for a while.
While others suggested adding the DNS records manually the far more secure and easier in the long term solution is to run pihole with unbound. Going this route completely eliminates third party upstream DNS servers as unbound will query the top level domain for their authoritative name server and direct the IP address from the source. Pihole has a great explanation on their website. I like crosstalk solutions on setting it up as it’s has everything you need just to copy paste your way into it working.