Do you use one or several providers ?

Do you use it at Browser, Device/OS, Router level ?

What’s your configuration ?

  • donkeystomple@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    I use NextDNS. I use it network wide on my home internet and also have it installed on all my devices.

  • Reawake9179@lemmy.kde.social
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    3 months ago

    I use several providers as upstream for Adguard Home where my blocklists, regex blocks and DNS rewrites are. Via DNS-over-TLS URL for Android phones or DHCP with the IP of the DNS-server they get directed to it.

  • Em Adespoton@lemmy.ca
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    I use a mix: I’ve got hardcoded hosts files, default third party DNS provider, DoH providers (different for each browser), a PiHole, and a VPN-based DNS resolver that I can run on a per-app basis.

    This way, I don’t trust a single provider to handle all my DNS traffic.

  • Darkassassin07@lemmy.ca
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    Two piholes at home (redundancy). Those both translate all regular DNS requests to DoH using Cloudflared which rotate through 4 non-isp upstream DoH providers.

    The router is set to block all port 53 traffic from leaving the network and handout the 2 pihole IPs to dhcp clients for dns. If a LAN device wants regular dns, it MUST use the lan servers or it’ll get no response. (or it can use its own DoH setup and/or vpn out of the network). This enforces the ad/telemetry/malware blocking lists pihole uses without having to configure dns on everything.

    Those piholes also keep lists/records in sync using Gravity-Sync. Should I change ad lists or and/remove lan dns records, I don’t have to do it on both.

  • shortwavesurfer@lemmy.zip
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    I use Control-D, both on Android, through DNS over TLS, and at the router level, so that I’m protected from ads and malware, no matter whether I’m on cellular data or on Wi-Fi.

  • ssm@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    3 months ago

    /etc/unwind.conf

    block list "/var/db/unwind_blocklist"
    forwarder { X.X.X.X port X DoT X.X.X.X port X DoT }
    preference { DoT }
    

    unwind_blocklist is generated with this script I wrote:

    #!/bin/sh
    # Blocklists for unwind(8)
    
    blocklist=/var/db/unwind_blocklist
    [ ! -f $blocklist ] && \
            (umask 117; touch $blocklist && chgrp _unwind $blocklist)
    
    {
            ftp -V -o - \
                https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt \
                http://winhelp2002.mvps.org/hosts.txt \
                http://sysctl.org/cameleon/hosts \
                https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt \
                https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt \
                https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
            echo twitter.com
            echo www.twitter.com
            echo www.x.com
            echo x.com
            echo facebook.com
            echo www.facebook.com
    } | awk -safe '
            !/^M|#|(^|\.)[[:blank:]]*$|^definitely_not_porn$/ {       
                    if ($1 ~ /127\.0\.0\.1|0\.0\.0\.0/) {
                            $0 = $2
                    }
                    if ($0 ~ /[[:upper:]]/) {
                            print tolower($0)
                    } else {
                            print $0
                    }
            }
    ' | sort -u >$blocklist
    rcctl restart unwind
    

    Regenerates occasionally with cron.

  • x@niwego.com
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    @Freuks I use pfsense and force all users to use the DNS that I set on the router, this allows me to use pfblockerNG to block ads, telemetry, etc. Instead, users who use the VPN (MULLVAD) will use the MULLVAD DNS to avoid DNS Leak

  • BlackEco@lemmy.blackeco.com
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    3 months ago

    PiHole with unbound (it’s its own recursive DNS resolver do you dint depend on Cloudflare, Quad9 and others) set on my local network DHCP, plus AdGuard’s DNS Proxy to use PiHole outside my home on my phone through DNS over TLS.

  • Ransack3@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    Pi-Hole using upstream Quad9 and Cloudflare, managed router redirect/blocking everything to Pi-Hole or no mans land, NextDNS out of the house for mobile devices or on WiFi I don’t control.