Can you explain this DNS thing further, please?

I start with what I understand. DNS stands for domains name system, which means a huge database of domain names and their IP addresses. When I ask for a website, DNS tells my computer / browser which IP addresses to look for, to reach the website.

At home, I have Pi-Hole and Unbound. The first one censors DNS addresses by not including domains that serve advertisements. It can work with various DNS providers, including those from Google or Cloudflare. Unbound allows me to self-host DNS database, periodically fetching it from somewhere. That way my ISP may not see … here I’m not sure what, DNS lookups? It sees which IPs I reach, so I assume there’s no big difference, if they’d want to know which resources I reach for. Frankly, I don’t understand this solution entirely, perhaps unbound is for something different. I used Pi-Hole without it for years, only recently I added unbound, because it was quite easy to do with DietPi distro.

Cloudflare actively promotes their WARP service, for people to use their DNS servers. They have three options, four ones, three ones and two, three ones and three. My guess is they theoretically can analyse these DNS lookups for some reason. (E.g. by partnering with three letter agencies, doing some service for them.)

What is DNS in the context of my website being registered with them? When I reach to my website, or any other website registered with them, what would happen? Isn’t the record everywhere already? I cannot understand what this means in this (different, isn’t it?) context.

The rug pull scheme ‘now you pay us for DNS too!’ seems unlikely, for some reason. If it’s no different from what they provide as a free service. If it’s something else, I assume you can migrate to any other registrar, unless you’re too heavy into their ecosystem.

On a personal note, I’m not too heavy into their ecosystem, I hope. I have a couple of static websites hosted for free with Cloudflare Pages. Plus I have a bare metal file server with images which is shared to the internet with Cloudflare Tunnel. I’m nobody with a few readers, tens of posts and hundreds of images, and I chose this architecture because I don’t understand how to properly self-host my blog on a residential connection (meaning dynamic IP behind a CG-NAT or what it’s called). When I do, I may drop them in favour of a simpler architecture. But also I was curious how it works.

So, saying all this, I still don’t understand what this them being an authoritative registrar means in this context. Perhaps I lack some web dev skills to understand that properly. When I had my domain with Squarespace, they allowed more than Cloudflare, but I lack understanding to properly formulate that, to even understand what it was. I think I could host my top level domain with Cloudflare Pages only when they are my registrar, while having those Pages on a subdomain was trivial even with a different registrar. If I remember that correctly now, I might’ve been confusing some things here.

Thanks for your previous explanation, it was quite informative.

Thanks! I haven’t thought of com as being the real TLD, actually!

Thanks! It’s a bit more clear now.

To contribute to the discussion, I remembered that with Squarespace (my previous registrar), I had unlimited redirects, which I used heavily. I am not really sure about the unlimited part, perhaps that was hidden somewhere in the interface, and they have limits, and I just never saw them. But I remember Cloudflare communicated I have like 10, so I decided to not use it for nice-to-have but not really needed things. E.g. I used a subdomain for a blog, and created redirects for typical misprints in my name. Was handy, but not really needed. I should have document this, but I was too busy at the time, and now, almost a year later, I don’t really remember. There were differences with Cloudflare and Squarespace.

My first registrar was Google domains. As always, they killed the business. And sold it to Squarespace. I’ve been their customer for a year or two, nothing bad I can say, except the price was about 1.5 or even 2x of that from Cloudflare for com domain, so I migrated there. I have no deep understanding of the nuances, so I cannot say whether Cloudflare is a bad actor. At least I trust them to not elevate the price, as it’s not their primary business, sell domains.

I see that, but what does it mean in practice?

I have my domain with Cloudflare too, and at this point, I’m not aware of these DNS servers. Can someone explain it a bit? I know what DNS is, but I don’t understand what’s the use case for having them elsewhere. I’m not to argue, just didn’t know where to register a domain, so I went with them. I’m concerned with the future of the domain either, but don’t understand the issues at this early point.

It’s even worse than advertisement. As it’s useless.

Oh, thanks, I missed it. It’s a very long thread. I’ve read only the first 40 messages so far, so I cannot really comment on that. But here is a nice advice from there:

FWIW It is possible to run Syncthing via Termux — it’s not as integrated but it runs fine.

What is wrong with the fork from F-Droid? I use it. I see no difference with the original, I’d say it’s even better. If you don’t trust them for some reason, why discard Syncthing as a project? I assume it can be built then. But I have no idea how.

By the way, I’m happy to use Sushi Train on iPhone. Works very well, and is lovingly polished. Now Syncthing is a centrepiece of my workflow to sync my files.

Have you tried a non-tech solution, like putting the drives into some noise absorbing materials, or isolating the sound with the hard case, things like that? That may sound not really obvious, but my guess is that you can at least get some noise off with a solution like this.

I won’t go with SSDs for a NAS as it’s very expensive. But if money of no concern, that Beelink thing looks impressive.

Thanks for not much, I have never heard of it before.

Did anyone try CLI clients, like (neo)mutt for that? I expect it can be set up on a server (if we consider self-hosting) and do this job automatically. While all the AI thingy feels like magic, my practical experience shows that there are just some keywords or even just the sender, with which mails can be sorted.

I do agree with you, entirely. My point is, it was the easiest option. I guess self-hosting Headscale should eliminate that, if there’s nothing suspicious with the clients.

Also, I tried Netbird, and it was good, but a bit more complicated. I didn’t like it UX wise, but that could be me not having enough time to explore. I have it installed with my mum’s PC at her home. My infrastructure uses Tailscale now.

Also, there are other alternatives. I haven’t tried them yet. All I wanted to say, there are compromises everywhere, and dealing with the US is the compromise for now.

I’m located in Ukraine, so personally, I wish them what they want to push on me — this administration wants me and my family to die for the orange monkey to steal some more money for himself, betraying his own country; I guess that’s obvious for all of us.

But I just think for me personally that’s rather a vector of my movement rather than changing things momentarily. So, to me, Tailscale was a god send. As I struggled to get through this. Now I understand it a bit better. I’d love to setup WireGuard myself, I just lack some knowledge, and also time plus energy. I hope I’d do that this year. We’ll see. Thanks for enhancing my point, and happy new year.

I’d say the same. About money, I’d formulate this differently: most of the people here would be happy to help for free, I believe. And the author could just ‘thank with a coffee’ kind of thing, if they feel like it. I see that’s as a very nice option for everyone.

With the 3rd part, I’d recommend going with Tailscale, it really helps for folks who don’t understand many things yet, and is super easy to setup. The free tier allows 3 users and 100 computers, so even if you need more, it’s easy to start with that, learn things and then change this aspect.

Personally, I have tremendous issues with paper notebooks. I love them for random notes, but not structuring things. I started a blog a year or so ago, and it was very rewarding to document everything there. My blog is not online yet, but I plan to publish it within a month or so. If things are good, maybe the next week even.

I wanted to tell others that if you want any help setting up a simple blog for yourself, you’re welcome to ping me, I can help you with setting that up, and you may see what difference it makes! I so so so wish I had that done years ago, but at least I started already.

Yes! I literally wrote the guy (or gal) the same thing personally, before reading any comments. Keeping a journal helps so so much! Start a blog if you can, I only started it in 2025 (having some random notes here and there before that), and it’s so so so rewarding!

Also, GPTs help a lot, especially when you’re able to verify the outputs. It’s somewhat challenging, to understand it’s lying, if you’re new to the topic, but I noticed it’s quite good at the simple questions, especially tech ones.

I’ve got an impression that rather a friend than a consultant is needed. Unfortunately, I’ve got none when I needed them so much. But I think I can be someone’s friend, so feel free to ping.

I wasn’t able to read all the replies, but I thought I’d like to state that I quite enjoy the community! So many people willing to help, and discuss things. I wish I’d found the community much earlier, when I just started the self-hosting adventure.

Not much from me, but it wasn’t clear to me whether you were successful with WireGuard. I’m not, till today! So I can’t recommend Tailscale more! Others recommend things like Headscale, or others, I plan to migrate to them one day. But so far, Tailscale was really good for me.

I use it on a Raspberry Pi 2B and Orange Pi Zero, both work wonderfully for the task, and it looks like Pi-Hole can work fine even on a router. Both of my SBCs are passively cooled, that’s why I decided to comment on the photo: you don’t need a computer this powerful to run it. As far as I remember, my very first Raspberry Pi (v. 1B or something like that) handled this task very well too. I temporarily retired that SBC in favour of Orange Pi Zero, so I cannot say for sure, but I think that computer had no issues with being fast enough for Pi-Hole. Really, give it a try if you didn’t, it’s ‘install once and forget’ type of software. Perhaps it should be updated periodically, but I don’t manage that. The only nuance with it, you need to have two computers, for the redundancy. Otherwise you’d be having downtimes when you need to turn off the SBC, or even reboot it.