this post was submitted on 16 Aug 2023
42 points (95.7% liked)

Selfhosted

60114 readers
970 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require your active participation in selfhosting or related communities, or the post will be removed. No more than 10% of your posts or comments may be self-promotional, or your post will be removed. F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, and your account is at least 7 days old, your post is exempt from this rule as long as you continue to engage in comments.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
42
DNS hijacking (lemmy.world)
submitted 2 years ago* (last edited 2 years ago) by 3laws@lemmy.world to c/selfhosted@lemmy.world
34 comments fedilink hide all child comments
 

EDIT: So because of my $0 budget and the fact that my uptime is around 50% (PC, no additional servers) I ended up using NextDNS. For the time being it works (according to dnsleaktest), an added benefit was improved ad-blocking (100% in this tool). I now have plans for a proper router in the future with a Pi-hole. Thanks so much for all the info & suggestions, definitely learnt a lot.

So it turns out I got myself into an ISP that was shittier than expected (I already knew it was kinda shitty), they DNS hijack for whatever reason and I can't manually set my own DNS on my router or even my devices.

Cyber security has never been my forte but I'm always trying to keep learning as I go. I've read that common solutions involve using a different port (54) or getting a different modem/router or just adding a router.

Are they all true? Whats the cheapest, easiest way of dealing with all of this?

you are viewing a single comment's thread
view the rest of the comments
[–] jubilationtcornpone@sh.itjust.works 6 points 2 years ago* (last edited 2 years ago) (3 children)

Wow. What kind of bullshit ISP blocks outbound DNS requests? I would bitch loudly at them as they have no valid excuse for doing that. Anyway... In that case you have a few options. You can use DNS over https but that's supported primarily by browsers. Not so much other desktop applications. I would get a router that's capable of WireGuard and connect it to ProtonVPN (or another VPN service of your choice). You don't have to route all traffic over VPN if you don't want to but at least you'll be able to use whatever DNS server you want.

[–] RegalPotoo@lemmy.world 3 points 2 years ago

US ISPs. It's amazing what you can get away with when you own enough politicians

[–] Moonrise2473@feddit.it 3 points 2 years ago

In Italy Vodafone blocks that request for "safety" and they were forcing users to use a custom proprietary shitty router where you could barely change the wifi password

[–] Katrina@lemmy.blahaj.zone 1 points 2 years ago

PiHole can be configured to use DoH, as can OpnSense and presumably other local DNS and router servers.