Jump to content

DNS server recommendations

drRodneyMcKay
By drRodneyMcKay
in Networking
 Share
Posted

There are variants that would help like converting your old router to opensource project called openwrt then install adblock on it.

 

Or install pi-hole to any old device and tell your router dns ip to that device.

 

Or install pfsense to a device which is essentially router operation system that have almost everything so simply install pfblocker and you have adblocking for all devices.

I'm jank tinkerer if it works then it works.

Regardless of compatibility 🐧🖖

Link to post
Share on other sites
Posted
On 12/10/2024 at 1:49 PM, drRodneyMcKay said:

I am trying to figure out how to block ads on all of my devices and stumbled upon this whole DNS thing

I use pi-hole in virtualbox, because of the virtual bridged networking adapter.  If you install virtualbox, it asks about four times to install virtual network adapter, you will want them.

 

So in that I install debian, and after installing pi-hole and configuring the dns on the debian system to use pi-hole, I no longer need the gui.

 

So I can run the VM using a quarter gig of memory.  Also I can exit and select "save state" so it resumes and doesn't need a full reboot, which would take about 2+ minutes, I just wait about 20 seconds and it's back to where it was when saved.

 

Also, for self-hosting dns, you may want to look into unbound.  When you visit a website and get an IP address, that is only good for 175 seconds.

 

I haven't updated my cache in well over half a year (could be over a year) and don't have issues with it, although I do use firefox dns-over-https if I need to quickly bypass pi-hole and usually keep using that.

 

So all of this 3-minute dns record nonsense seems extreme.  The unbound dns docs mention an RFC discussing recomnended dns cache time and it recommends 1-3 days.

 

This will not really make your network significantly faster, but wouldn't it be cool to stop asking donains for the very same, rarely-changing IP address every 175 seconds, which pi-hole clearly shows every time that happens, to instead cache that and use the cache locally for a few days?

 

Pi-hole has a guide for exactly that, to completely setup unboubd dns with excellent options, and tell pi-hole to use unbound as the "upstream" dns server instead of a big-name service.

 

Unbound uses the authoritative servers, going directly to the root dns of the Internet, so chaching is advised anyway to reduce load for them.

: JRE #1914 Siddarth Kara

How bad is e-waste?  Listen to that Joe Rogan episode.

 

"Now you get what you want, but do you want more?
- Bob Marley, Rastaman Vibration album 1976

 

Windows 11 will just force business to "recycle" "obscolete" hardware.  Microsoft definitely isn't bothered by this at all, and seems to want hardware produced just a few years ago to be considered obsolete.  They have also not shown any interest nor has any other company in a similar financial position, to help increase tech recycling whatsoever.  Windows 12 might be cloud-based and be a monthly or yearly fee.

 

Software suggestions


Just get f.lux [Link removed due to forum rules] so your screen isn't bright white at night, a golden orange in place of stark 6500K bluish white.

released in 2008 and still being improved.

 

Dark Reader addon for webpages.  Pick any color you want for both background and text (background and foreground page elements).  Enable the preview mode on desktop for Firefox and Chrome addon, by clicking the dark reader addon settings, Choose dev tools amd click preview mode.

 

NoScript or EFF's privacy badger addons can block many scripts and websites that would load and track you, possibly halving page load time!

 

F-droid is a place to install open-source software for android, Antennapod, RethinkDNS, Fennec which is Firefox with about:config, lots of performance and other changes available, mozilla KB has a huge database of what most of the settings do.  Most software in the repository only requires Android 5 and 6!

 

I recommend firewall apps (blocks apps) and dns filters (redirect all dns requests on android, to your choice of dns, even if overridden).  RethinkDNS is my pick and I set it to use pi-hole, installed inside Ubuntu/Debian, which is inside Virtualbox, until I go to a website, nothing at all connects to any other server.  I also use NextDNS.io to do the same when away from home wi-fi or even cellular!  I can even tether from cellular to any device sharing via wi-fi, and block anything with dns set to NextDNS, regardless if the device allows changing dns.  This style of network filtration is being overridden by software updates on some devices, forcing a backup dns provuder, such as google dns, when built in dns requests are not connecting.  Without a complete firewall setup, dns redirection itself is no longer always effective.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×