42
DNS hijacking (lemmy.world)
submitted 2 years ago* (last edited 2 years ago) by 3laws@lemmy.world to c/selfhosted@lemmy.world
33 comments fedilink hide all child comments

EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can't manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I'm always trying to keep learning as I go. I've read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

you are viewing a single comment's thread
view the rest of the comments
[-] Morgikan@lemm.ee 4 points 2 years ago

Just throwing out a couple of other solutions I didn't see mentioned for DoH/DoT:

  1. CoreDNS
  2. Blocky

Both of those support encryption and allow for DNSBL. If you are wanting to hand out DNS entries over DHCP it may a problem with your ISPs router there. Either replace it, sit one you do control between it and your network, or run DHCP snooping from a switch to restrict it's DHCP.

[-] 3laws@lemmy.world 1 points 2 years ago

This Blocky?

Will keep them in mind, thanks a lot.

[-] Morgikan@lemm.ee 1 points 2 years ago

Yep, that's the one. You just set your upstream default to something like tcp-tls:1.1.1.1:853 for DoT (which is what I use anyway).

Good documentation on other features like adblocking,caching,etc: https://0xerr0r.github.io/blocky/v0.21/configuration/

this post was submitted on 16 Aug 2023
42 points (97.7% liked)

Selfhosted

59794 readers
273 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world