this post was submitted on 16 Aug 2023
39 points (95.3% liked)

Selfhosted

60723 readers
557 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
39
DNS hijacking (lemmy.world)
submitted 2 years ago* (last edited 2 years ago) by 3laws@lemmy.world to c/selfhosted@lemmy.world
 

EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can't manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I'm always trying to keep learning as I go. I've read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

you are viewing a single comment's thread
view the rest of the comments
[–] Morgikan@lemm.ee 4 points 2 years ago (1 children)

Just throwing out a couple of other solutions I didn't see mentioned for DoH/DoT:

  1. CoreDNS
  2. Blocky

Both of those support encryption and allow for DNSBL. If you are wanting to hand out DNS entries over DHCP it may a problem with your ISPs router there. Either replace it, sit one you do control between it and your network, or run DHCP snooping from a switch to restrict it's DHCP.

[–] 3laws@lemmy.world 1 points 2 years ago (1 children)

This Blocky?

Will keep them in mind, thanks a lot.

[–] Morgikan@lemm.ee 2 points 2 years ago

Yep, that's the one. You just set your upstream default to something like tcp-tls:1.1.1.1:853 for DoT (which is what I use anyway).

Good documentation on other features like adblocking,caching,etc: https://0xerr0r.github.io/blocky/v0.21/configuration/