this post was submitted on 16 Aug 2023
39 points (95.3% liked)

Selfhosted

60693 readers
533 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
39
DNS hijacking (lemmy.world)
submitted 2 years ago* (last edited 2 years ago) by 3laws@lemmy.world to c/selfhosted@lemmy.world
 

EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can't manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I'm always trying to keep learning as I go. I've read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

you are viewing a single comment's thread
view the rest of the comments
[–] 3laws@lemmy.world 2 points 2 years ago (2 children)

Why can you not set your own DNS on your devices?

I can, they get redirected to my ISPs DNS, no matter what. This was not an issue with my pervious company.

[–] neuromancer@lemmy.world 6 points 2 years ago* (last edited 2 years ago)

You can use DNS over HTTPS or TLS with Quad9 https://www.quad9.net/service/service-addresses-and-features

If you are using PiHole just use that as the forward DNS.

[–] greenashura@sh.itjust.works 2 points 2 years ago (1 children)

How are you detecting this? Just curiosity

[–] dan@upvote.au 6 points 2 years ago* (last edited 2 years ago) (1 children)

Often, if you try to go to a non-existent domain, it'll still return an IP address that loads a "this site doesn't exist" page hosted by the ISP, often full of sponsored links, similar to a domain parking page.

It's trivial to do this. DNS requests are unencrypted and can easily be modified by an ISP, even if you use a custom DNS server like Google's 8.8.8.8 or Cloudflare's 1.1.1.1. You need DNS over HTTPS or a similar technology to prevent this happening.

[–] ares35@kbin.social 2 points 2 years ago

hijacking dns is also my provider's first action when you're late paying the bill. by ip or doh or a long-lived dns cache and you're still going, but anything looked-up via a 'regular' dns server goes nowhere. that gets you another 2-3 weeks until they deny the modem from even authenticating.