chiisana

It’s not so absolute; your DNS provider could resolve domains to their own server’s IP and MITM your traffic. This is how some of those DNS based region bypass work — by re-routing your traffic through their server in a supported region.

all your traffic goes through them right?

Depending on provider and intended purpose… strictly speaking, a DNS server tells your computer that example.com resolves to 169.254.169.254 and nothing more.

However, for example, if your DNS provider adds ad blocking, they may choose to change ads.example.com from 169.254.169.254 to 127.0.0.1 thereby preventing any advertiser JavaScripts from being requested. This is fine and all, but you’d have no way to be automatically alerted if they changed it to 123.234.123.234 and serve their own blank scripts.

If for example your DNS provider provides region bypass for streaming providers, they could resolve streaming.example.com from 169.254.169.254 to a server in another country with address 123.234.123.234; and route your request through that in order to circumvent the region lock.

These are all fine and well, but if the provider was compromised and/or sold to malicious actor, they could resolve your-bank.website to a phishing site, and then MITM all the traffic just like the region lock bypass example.

So… in theory, it shouldn’t do anything more than resolving, but in practice, it may be hard to detect, and they could be doing more than just resolving.

If you have Apple users in your household, the current generation of Apple TV 4K 128GB is a solid device that’s going to offer the best integrated experience, along with capability of Thread. If not, it’s probably a bit overpriced compared to the other solutions.

Companies need money to pay their employees. Who would’ve thunk they’d change the licensing to allow them to make money. -surprised pikachu face-

Last I used PiHole many years back, it was possible to use it as DHCP but not possible to add custom DNS records like TXT, SRV, etc. . Perhaps that’s what OP is trying to solve for?

Another angle to consider is the liability of you being responsible for the content on your system. Someone could rent your machine to host very illegal content. At which point, as far as the authorities are concerned, it is coming out of your IP from your computer. You might be able to explain it away, or you might not. It’s not a hassle that’s worth the while.

Pirateweather is free, but I’m not sure if there are pre-built apps for that that’s self hosted.

For my homelab, I used a constellation so I can name each of my server after a star in the constellation. It is on a generic domain extension.

If it is something long term, I’d generally opt for a more stable extension. I.e. vanilla .com/net/org; or cctld for an existing country that you have close ties with that’s not likely to go away anytime soon. It is extremely rare, but this way I’m not running the odd risk of the company behind those fun new extensions, or a country going away (see .yu, no pun intended).

Not a space I’m familiar with, but a friend of mine was all over Habitica and mentioned you could self host it. Is this something that might fit what you’re looking for?

Future news headline: “The web server literally exploded under the DDOS attack.”

Has it been more than a couple of days? I think the webfinger certificates are kept for 24 hours or something like that, so any changes in the certificate associated with your old user (used for signing updates) will take some time to expire and then update.