this post was submitted on 22 Apr 2025

46 points (97.9% liked)

Buy Canadian

2007 readers

47 users here now

A community dedicated to buying Canadian products.

Une communauté dédiée à l'achat de produits Canadiens.

Rules:

1. Posts must be related to buying Canadian-made goods and / or using Canadian-owned services

2. Absolutely no bigotry will be tolerated. This includes, but is not limited to, racism, sexism, homophobia, transphobia, etc.

3. AI Content Policy

Not allowed: AI-generated images or articles

Tolerated: AI-generated post summaries

4. When discussing a Canadian product that isn't available nationally, please do your best to specify where it can be purchased

5. Only content in French and English is permitted

6. Declare all self-promotion

Users are encouraged to report any content that violates our community guidelines

Règlements :

1. Les poteaux doivent être en lien avec l'achat de produits et / ou de services opérés par des canadiens

2. Aucune bigoterie ne sera tolérée. Ça comprend, mais sans se limiter à, le racisme, le sexisme, l’homophobie, la transphobie, etc.

3. Politique sur le contenu IA

Non permis : Images ou articles générés par l'IA

Toléré : Résumés IA de publications

4. Lors d'une discussion sur un produit canadien qui n'est pas disponible à l'échelle nationale, veuillez faire de votre mieux pour préciser où il peut être acheté

5. Seul le contenu en français et en anglais n'est toléré

6. Déclarez toute auto-promotion

Les utilisateurs sont encouragés à signaler tout contenu qui ne respecte pas nos directives communautaires

Related communities: Communautés connexes :

[email protected] [email protected] [email protected] [email protected] [email protected]

founded 2 years ago

MODERATORS

Pi-Hole (lemmy.ca)

submitted 4 days ago* (last edited 3 days ago) by Reannlegge to c/buycanadian

12 comments fedilink hide all child comments

Once upon a time there was discussion about the DNS servers 8.8.8.8 and 8.8.4.4 and how we need to move to a Canadian one. The one passed around was 149.112.121.30, CIRA (protected).

I had said something about going a step further and just using your own via Pi-Hole and Unbound. Someone I do not remember who as that is why I am posting here said yes but the pi still has the DNS server you set it up with, they said they would look into it further at a later date If they did look into it and post something I am truly sorry as I cannot find it.

I have gotten into using less US internet things and I recently got to find out that I needed to figure out my VPN setup a little better. This lead me into a deep valley of infosec and I am trying my darndest to strip things away. Anywho I was looking into something and there was mention of apps possibly falling back to system DNS so I found /etc/resolv.conf where I changed my DNS system on my 3 currently operational pi’s to access DNS like this.

Edit: I fixed some editing and hopefully made the commands more clear

This was bolded (I guess putting the comment marker first in the line makes it bold) but inside of the conf file at /etc/resolv.conf I changed it from,

Generated by NetworkManager

nameserver 9.9.9.9 To

Generated by NetworkManager

nameserver 172.16.1.50 # Primary Pi-hole

nameserver 172.16.1.52 # Secondary Pi-hole

nameserver 149.112.121.30 # Canadian DNS (CIRA Canadian Shield: Protected)

I also needed to add this to the end of /etc/unbound/unbound.conf.d/pi-hole.conf

This is for Canadian and psuedo-Canadian backups.

forward-zone:

name: "."

forward-addr: 149.112.121.10 # CIRA Canadian DNS

forward-addr: 9.9.9.10 # Quad9 Canadian (with filtering)

forward-first: no

I get into computer projects and find ways to one up myself, I wish I could say I crash tested everything the old fashioned way but I have used ChatGPT to crash test things. Only because I do not have a computer with a strong enough graphics card to run a local LLM and breaking one thing could set me back hours or even days.

all 14 comments

sorted by: hot top controversial new old

[–] KingOfTheCouch 2 points 2 days ago

9.9.9.10 is not a "canadian version". It's their "Unsecured: No Malware blocking, no DNSSEC validation (for experts only!)" address. See: https://www.quad9.net/service/service-addresses-and-features for more information about their different DNS addresses.

Quad9 is a Swiss non-profit. Check the rest of that page for more information on what they do and what they offer.

CIRA is the government sanctioned registrar overseeing the top level domain ".ca". As a non-profit built for this purpose, they have branched out to both DNS (as discussed here), as well as operating an Internet Speed Test.

Whichever way you go, don't get too hung up on this. Moving away from 8.8.8.8 (or even 1.1.1.1 if anyone uses cloudflares service) is your goal. Even going back to your Canadian ISP's DNS is going to be adequate as well if you just want to replace Google.

[–] avidamoeba 6 points 3 days ago (2 children)

What kind of organization is CIRA? For-profit, non-profit, etc? How does it pay the bills?

[–] any1th3r3 10 points 3 days ago (1 children)

Per their website:

As a non-profit that engages with a number of stakeholder groups across Canada’s internet, CIRA believes that transparency is essential to good governance.

They also detail their compensation and expenses further down that page.

[–] avidamoeba 0 points 3 days ago* (last edited 3 days ago) (1 children)

So you're saying it's safe to use their DNS without worrying much about data collection? 😂 I like it.

[–] Reannlegge 3 points 3 days ago

Being non profit in Canada does mean stuff about their income, Quad9 Canada is a US nonprofit so they are not into looking to sell your data but they are from the US. I do not like my data being seen by others as that is why CIRA is third in the list and Quad9 is forth in the list.

[–] poor_choices 1 points 3 days ago (1 children)

Here is the source for the IPs:

https://www.cira.ca/en/canadian-shield/configure/

[–] Reannlegge 1 points 2 days ago

Awesome sauce, I can make move quad9 Canada even lower down the list! I did not know that CIRA had 2 addresses for each level, I really should have but you know things get missed!

[–] anguo 3 points 4 days ago* (last edited 4 days ago)

the pi still has the DNS server you set it up with,

As I understand it, you are solving this with Unbound.

Edit: but your forward-zone settings now make CIRA your external DNS provider

[–] onTerryO 3 points 4 days ago

A link to the applicable CIRA website: https://www.cira.ca/en/how-canadian-shield-works/

[–] onTerryO 1 points 4 days ago (1 children)

Thanks for this, I have updated my settings. BTW you can do this all in the GUI - just copy and paste the addresses into the box at the bottom of the DNS settings page and then click save. Then uncheck all of the boxes for the upstream DNS servers and click save again.

149.112.121.10
149.112.122.10

Not sure of the syntax for the IPV6 servers, I will update if I figure them out.

[–] Reannlegge 1 points 3 days ago

When the pi was setup it was using Quad9’s 9.9.9.9 as I did not know that there was a Canadian version 9.9.9.10, there could be apps that try to get past pihole by going to the pi’s original DNS resolve address so I changed that, and I updated unbound to get the information from CIRA first and then quad9 Canada second.