How do you manage your DNS settings ?

Freuks@lemmy.ml · 1 month ago

How do you manage your DNS settings ?

Lemmchen@feddit.org · edit-2 1 month ago

Mullvad’s DNS servers at the router level.

donkeystomple@lemmy.ml · 1 month ago

I use NextDNS. I use it network wide on my home internet and also have it installed on all my devices.

ssm@lemmy.sdf.org · edit-2 1 month ago

/etc/unwind.conf

block list "/var/db/unwind_blocklist"
forwarder { X.X.X.X port X DoT X.X.X.X port X DoT }
preference { DoT }

unwind_blocklist is generated with this script I wrote:

#!/bin/sh
# Blocklists for unwind(8)

blocklist=/var/db/unwind_blocklist
[ ! -f $blocklist ] && \
        (umask 117; touch $blocklist && chgrp _unwind $blocklist)

{
        ftp -V -o - \
            https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt \
            http://winhelp2002.mvps.org/hosts.txt \
            http://sysctl.org/cameleon/hosts \
            https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt \
            https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt \
            https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
        echo twitter.com
        echo www.twitter.com
        echo www.x.com
        echo x.com
        echo facebook.com
        echo www.facebook.com
} | awk -safe '
        !/^M|#|(^|\.)[[:blank:]]*$|^definitely_not_porn$/ {       
                if ($1 ~ /127\.0\.0\.1|0\.0\.0\.0/) {
                        $0 = $2
                }
                if ($0 ~ /[[:upper:]]/) {
                        print tolower($0)
                } else {
                        print $0
                }
        }
' | sort -u >$blocklist
rcctl restart unwind

Regenerates occasionally with cron.

Onno (VK6FLAB)@lemmy.radio · 1 month ago

DHCP at the router that gives out these two filtered DNS servers from AdGuard:

94.140.14.14
94.140.15.15

https://adguard-dns.io/en/blog/adguard-dns-new-addresses.html

Darkassassin07@lemmy.ca · edit-2 1 month ago

Two piholes at home (redundancy). Those both translate all regular DNS requests to DoH using Cloudflared which rotate through 4 non-isp upstream DoH providers.

The router is set to block all port 53 traffic from leaving the network and handout the 2 pihole IPs to dhcp clients for dns. If a LAN device wants regular dns, it MUST use the lan servers or it’ll get no response. (or it can use its own DoH setup and/or vpn out of the network). This enforces the ad/telemetry/malware blocking lists pihole uses without having to configure dns on everything.

Those piholes also keep lists/records in sync using Gravity-Sync. Should I change ad lists or add/remove lan dns records, I don’t have to do it on both.

swampdownloader@lemmy.dbzer0.com · 1 month ago

Do you ever have any trouble blocking port 53? Do any services break?

Darkassassin07@lemmy.ca · 1 month ago

Haven’t had any issues yet and it’s been blocked for at least 4 years now. Everything just happily uses the DNS servers specified by DHCP.

x@niwego.com · 1 month ago

@Freuks I use pfsense and force all users to use the DNS that I set on the router, this allows me to use pfblockerNG to block ads, telemetry, etc. Instead, users who use the VPN (MULLVAD) will use the MULLVAD DNS to avoid DNS Leak