• ftbd@feddit.org · 42 up · 30 days ago

    FYI for those using DNS-based adblocking: I discovered that my AndroidTV box asks 8.8.8.8 when my local DNS server blocks a request.

    • Saik0@lemmy.saik0.com · 28 up, 1 down · 29 days ago (edited)

      Block all port 53 traffic from your network outside of your DNS server/pihole itself.
      Block all known DoH servers.

      If you want to get REALLY fancy you can write a NAT rule that will force any outgoing request on port 53 to route to your dns/pihole.

      I do all of this. It’s actually funny to see the requests that were hardcoded to go somewhere. Giant fuck you to those companies.

        • Saik0@lemmy.saik0.com · 3 up, 1 down · 29 days ago

          Yes. But there are lists of well known IPs that are serving DoH. So you can just block those. Obviously blocking 443 is not a good idea.

          • Goun@lemmy.ml · 1 up · 29 days ago

            Damn, never dug into that. I thought blocking the DNS port would be enough, thanks for the information.

    • addie@feddit.uk · 13 up · 30 days ago

      What a shower of twats. Don’t block the request in that case, just redirect it to your local server that returns a 1x1 transparent png for all requests.

    • wrekone@lemmy.dbzer0.com · 11 up · 29 days ago

      Depending on your router you can forward all requests on port 53 to your DNS server regardless of the IP they try to use.

    • stupidcasey@lemmy.world · 8 up · 29 days ago

      I always have issues with DNS blocking, so I tried something sneaky: I redirected all DNS requests to 1.1.1.1/1.0.0.1 and it worked brilliantly, for about a month, when it stopped working altogether. I don’t know if a cache was wiped or Google saw what I was doing and made a special exception just for me. Obviously I want to believe I’m a special snowflake taking the world’s largest internet company head on in an epic battle of wits and skill, but I think the cache thing might be more likely for some reason.

      • ftbd@feddit.org · 2 up · 29 days ago

        You mean redirecting on your router? How should Google stop you from doing that? And why would you redirect to Cloudflare lol

        • TORFdot0@lemmy.world · 2 up · 29 days ago

          It could start using DNS over HTTPS if it had enough failed requests. Those wouldn’t be able to be redirected.

      • sanguinet@lemmy.ca · 8 up · 29 days ago

        I wouldn’t mind doing it. I run my own DNS so it wouldn’t affect me, but I figure if they’re already trying 8.8.8.8 they may as well try 8.8.4.4 and perhaps more, so it’d require a bunch of firewall rules.

        Now, all of that is a moot point because I hate the whole “smart TV” thing, so they’d never be connected to the internet.

      • ftbd@feddit.org · 7 up · 29 days ago

        I set up my firewall to block all outgoing traffic to ports 53 and 853 (except for the upstream traffic from my pihole). I suppose DoH could still sneak through though.
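        The measures Saik0 lists above (block port 53 for everything but the resolver, block known DoH addresses, NAT stray port-53 traffic to the Pi-hole) and ftbd's 53/853 block, written out as one nftables ruleset for a Linux router. This is an added example, not something anyone in the thread posted; the interface name, resolver address and the contents of the DoH address set are placeholders.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread. Placeholders to adjust:
#   br-lan       LAN-side interface of the router
#   192.168.1.2  the Pi-hole / local resolver
#   doh_servers  a set you fill from a maintained DoH resolver list
define lan_if  = "br-lan"
define dns_srv = 192.168.1.2

table inet dnsguard {
    set doh_servers {
        type ipv4_addr
        flags interval
        # RFC 5737 documentation range as a placeholder, not a real DoH server
        elements = { 192.0.2.0/24 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Clients hard-coded to 8.8.8.8 (or anything else) on port 53 get
        # transparently handed to the local resolver instead of a timeout.
        iifname $lan_if ip saddr != $dns_srv udp dport 53 dnat ip to $dns_srv
        iifname $lan_if ip saddr != $dns_srv tcp dport 53 dnat ip to $dns_srv
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hairpin case: client and resolver share the LAN. Without this the
        # resolver answers the client directly from 192.168.1.2, the client
        # expected 8.8.8.8 and drops the reply. Cost: the resolver's query log
        # shows the router's address instead of the client's.
        oifname $lan_if ip daddr $dns_srv ct status dnat masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # Only the resolver may speak plain DNS (53) or DoT (853) to the WAN;
        # anything else trying to leave on those ports is dropped and counted.
        oifname != $lan_if ip saddr $dns_srv udp dport { 53, 853 } accept
        oifname != $lan_if ip saddr $dns_srv tcp dport { 53, 853 } accept
        oifname != $lan_if udp dport { 53, 853 } counter drop
        oifname != $lan_if tcp dport { 53, 853 } counter drop
        # DoH rides on 443, so it can only be blocked by destination address.
        ip daddr @doh_servers tcp dport 443 counter drop
    }
}
```

        Load it with `nft -f`; the `counter` on the drop rules makes `nft list table inet dnsguard` show how much hard-coded DNS each rule is catching.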

    • S_H_K@lemmy.dbzer0.com · 6 up, 2 down · 29 days ago

      I connected an old laptop with Linux Mint and put the TV always in HDMI mode. Problem solved.