No Grip All articles
Culture

You Don't Know Who's Reading Your DNS — But They Do

No Grip
You Don't Know Who's Reading Your DNS — But They Do

You Don't Know Who's Reading Your DNS — But They Do

Before your browser loads a single pixel of any website, your internet connection makes a phone call. It dials out to a server somewhere and asks, essentially, "Where does this address actually live?" That server answers, your connection gets routed, and the whole thing happens in milliseconds — fast enough that you never notice it, quiet enough that you never think to question it.

That server is called a DNS resolver. And in almost every American home, it belongs to someone else.

The Middleman You Never Hired

DNS stands for Domain Name System. It's the internet's phone book — the layer that translates human-readable addresses like nogrip.net into the numerical IP addresses that computers actually use. Without it, the web as most people experience it doesn't function.

Here's the part that tends to land differently once you sit with it: every single domain you look up gets logged somewhere. Your ISP's resolver knows you searched for a new doctor at 11pm. Google's resolver — the famous 8.8.8.8 — knows what news sites you visit, what forums you lurk on, what you started to look up and then thought better of. Cloudflare's 1.1.1.1 promises not to keep logs beyond 24 hours, which is better, but "trust us" is still the underlying contract.

You never signed up for any of this. It just came with the router.

The People Who Stopped Trusting the Default

Marcus, a network engineer in Raleigh, switched to running his own DNS resolver three years ago after digging into what his ISP was actually doing with query data. "It's in the fine print of almost every residential internet contract," he says. "They can sell anonymized browsing data to third parties. Anonymized is doing a lot of heavy lifting in that sentence."

He now runs Pi-hole on a Raspberry Pi in his living room closet, paired with Unbound — a lightweight, open-source recursive resolver. Pi-hole handles ad and tracker blocking at the DNS level. Unbound handles the actual resolution, going directly to authoritative DNS servers instead of forwarding queries to Google or Cloudflare. Nobody in the middle. Nobody logging.

"The first week I had it running, I could see how many DNS queries my smart TV was making," Marcus says. "Hundreds per day. Just sitting there, doing nothing. That was the moment I realized how much was happening without me."

Sarah, a small business owner in Portland, Oregon, made a similar move after a targeted ad appeared for a product she'd only discussed verbally near her phone. Correlation or coincidence, she couldn't prove it either way — but it pushed her to audit her entire home network. DNS was one of the first things she locked down.

"I'm not a conspiracy person," she says. "I'm a person who read enough to understand that data collection is a business model, and I didn't want to be part of it for free."

What You Actually Get Back

Running your own DNS resolver isn't just a privacy play — though that's a big part of it. Here's what people who've made the switch actually report gaining:

Visibility. A self-hosted resolver shows you every query your network makes. That includes your phone, your laptop, your smart home devices, your kids' tablets. You see the full picture of what your household is reaching out to, and when.

Ad and tracker blocking at the network level. Pi-hole in particular is famous for this. Instead of installing a browser extension that only covers one device, you block entire ad-serving and tracking domains for every device on your network simultaneously. No app can route around it.

Faster resolution, sometimes. When your resolver isn't chained to an overloaded upstream server, query times can drop. It's not always dramatic, but it's real.

Reduced dependency on corporate infrastructure. This is the one that tends to matter most to the people doing this. You're not asking Google a question every time you open a browser tab. That feels different once you've experienced it.

The "Paranoid Expert" Problem

There's a reflex that kicks in whenever infrastructure-level stuff comes up in conversation — a kind of polite dismissal that goes: okay but that's for IT people, not regular users. It's a convenient assumption, and it's increasingly wrong.

Pi-hole has a guided installer that runs on a $35 Raspberry Pi. The documentation is readable. The community forums are active and not hostile to beginners. Unbound has setup guides written for people who've never touched a config file. None of this requires a computer science degree or a rack-mounted server in a basement.

What it requires is about two hours on a weekend and a willingness to accept that you might have to look something up. That's it.

The "it's too technical" framing has always served one party in this dynamic: the companies that benefit from you not asking questions about their infrastructure. The more intimidating the concept sounds, the less likely you are to poke at it.

The Bigger Argument

DNS is foundational. It's one of the oldest, most essential layers of how the internet functions — and it has been quietly absorbed into the product portfolios of a handful of massive corporations. Google. Cloudflare. Your ISP. These aren't neutral parties. They have business models, and those models are built on data.

When Marcus looks at his Unbound logs now, he sees queries resolving directly to authoritative name servers — the actual sources of truth for domain information. No intermediary. No one building a profile. "It's closer to how the internet was supposed to work," he says. "Before everything became someone's product."

Sarah puts it more simply: "I just wanted to stop paying for the internet with my data on top of my monthly bill. One of those I could do something about."

You already own the hardware in your house. You already pay for the connection. The DNS resolver you're using right now was assigned to you by default, by someone who didn't ask. Changing that isn't paranoia — it's just finishing the sentence.


Interested in setting this up? Pi-hole's official docs are at pi-hole.net. Unbound's configuration guides are thorough and free. Neither company has a financial stake in whether you read them.

All articles

Related Articles

First Thing in the Morning, Your Phone Wins. These People Stopped Letting It.

First Thing in the Morning, Your Phone Wins. These People Stopped Letting It.

Discs Don't Disappear: Why the People Still Buying Physical Media Were Right All Along

Discs Don't Disappear: Why the People Still Buying Physical Media Were Right All Along

RTFM Is Not a Joke: The Quiet Radicals Who Actually Read the Docs

RTFM Is Not a Joke: The Quiet Radicals Who Actually Read the Docs