this post was submitted on 16 Aug 2023
41 points (97.7% liked)

Selfhosted

39257 readers
208 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
41
DNS hijacking (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by 3laws@lemmy.world to c/selfhosted@lemmy.world
34 comments fedilink hide all child comments
 

EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can't manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I'm always trying to keep learning as I go. I've read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

you are viewing a single comment's thread
view the rest of the comments
[–] ShitpostCentral@lemmy.world 2 points 1 year ago (8 children)

Look into Pi-hole. It's an easy-to-setup DNS server which can run on a Raspberry Pi (or a Linux desktop/server if you have one.) You can then set your devices' DNS servers to the local address where the Pi-hole is running. Since it would be running on your local network, any requests to it shouldn't go through your ISP in the first place. I'd still recommend getting your own router anyways because this kind of ISP fuckery is more common than you'd expect. Plus, your exact configurations follow you anywhere you move. If you do end up getting one, set the local DNS server in the DHCP settings of your router to avoid having to set it on each device.

[–] vector_zero@lemmy.world 6 points 1 year ago (5 children)

Doesn't the RPi still go through the ISP? You'd still have to find a way to bypass their hijacking attempts, just on a different device this time.

[–] dan@upvote.au 1 points 1 year ago* (last edited 1 year ago) (2 children)

You'd have to use DNS over HTTPS, DNS over TLS, or DNS over QUIC. As far as I know, PiHole doesn't support these out-of-the-box, so AdGuard Home is a better choice (it's like PiHole but more powerful).

I know PiHole had plans to implement this though, so maybe they do support it now.

[–] Katrina@lemmy.blahaj.zone 0 points 1 year ago (1 children)

You can do it. I set mine up ages ago. https://docs.pi-hole.net/guides/dns/cloudflared/

[–] dan@upvote.au 0 points 1 year ago

It's not out-of-the-box though, and requires a bunch of manual setup. On AdGuard Home you just need to enter the DNS URL into the UI and that's it.

load more comments (2 replies)
load more comments (4 replies)