Comment

Comment on Adblockers stop publishers serving ads to (or even seeing) 1bn web users - Press Gazette

<- View Parent

474D@lemmy.world ⁨10⁩ ⁨months⁩ ago

Any good guides you know of to set that up?

source

Sort:hotnew top

Jason2357@lemmy.ca ⁨10⁩ ⁨months⁩ ago
Besides Pi-hole, there’s Adguard. The “home” version works just like Pi-hole on a device on your network (but is a little slicker in my opinion), and a DNS service where you just set your router’s or devices DNS to their service (less private, but no dedicated device required). That’s an option that is not ideal, but far better than not blocking at the DNS level for anyone uncomfortable configuring a device on their network.

source
mic_check_one_two@lemmy.dbzer0.com ⁨10⁩ ⁨months⁩ ago
Pi-hole. You’ll want to run two, because machines will use both a primary and a secondary server for their DNS requests. If you don’t want to buy a pair of raspberry pi’s, you can run it in Docker, which basically keeps it isolated to its own tiny virtual machine. So you’d just need to spin up a pair of docker containers to run the pair of pi-holes. If you’re using Docker, they’ll need a pair of volumes too, or else they’ll lose all of their data every time they reboot.

You’ll want this to be on a machine that is running 24/7, because any time it shuts down, your internet will essentially stop working. That’s why lots of people end up just throwing a few raspberry pis in a closet and forgetting about them.

Once it’s installed, you’ll need to load it with block lists. The default ones are pretty basic. I’d just google something like “pihole blocklists” and figure it out from there. Each list will be a URL, which allows the pihole to pull updates, (which you can tell it to do via the built-in web UI).

source
- Archer@lemmy.world ⁨10⁩ ⁨months⁩ ago
  No point if you have a network in the 10.0.0.0/8 IP range. There is a bug where they will randomly stop serving DNS to IPs outside of their subnet
  
  source
  - mic_check_one_two@lemmy.dbzer0.com ⁨10⁩ ⁨months⁩ ago
    Unless I’m misunderstanding, that doesn’t sound like a bug at all. Outside of a few specific circumstances, devices shouldn’t communicate with anything outside of the given subnet mask. Rejecting traffic outside of that subnet mask is exactly what it should do. And why wouldn’t your pihole be in the same subnet (or at least be included in the subnet mask) for the LAN? You can have the pihole’s IP address be whatever you want, so give it an IP in the same subnet.
    
    source
    Archer@lemmy.world ⁨10⁩ ⁨months⁩ ago
    I use VLANs and different subnets for security. Having PiHole break randomly every few weeks and seeing the config is different when I didn’t change it was beyond frustrating, so I just gave up
    
    source
  - Vanilla_PuddinFudge@infosec.pub ⁨10⁩ ⁨months⁩ ago
    Then change it?
    
    source
- chellomere@lemmy.world ⁨10⁩ ⁨months⁩ ago
  Machines will be fine with just one primary DNS server. The main reason for running two is so that you still have one working DNS server if either machine goes down, for example during maintenance.
  
  source
- 1984@lemmy.today ⁨10⁩ ⁨months⁩ ago
  Its actually not easy to run two of them since they are not designed for using a shared disk (you can get corrupted data). Its also not necessary, you can just leave the secondary dns server blank.
  
  But if you want two because you want high availability in case one of your piholes goes down, you can rsync the settings between the two machines every 5 minutes or so. Its important to keep them in sync that way.
  
  source
  - mic_check_one_two@lemmy.dbzer0.com ⁨10⁩ ⁨months⁩ ago
    The secondary DNS isn’t for redundancy; machines will split requests across the two for load balancing. If you only have one running, you’ll end up with ads slipping through as the device still uses the default secondary DNS.
    
    source
ohshazbot@lemmy.world ⁨10⁩ ⁨months⁩ ago
pi-hole.net

source
shortwavesurfer@lemmy.zip ⁨10⁩ ⁨months⁩ ago
My DNS is from controld.com.

What you do is you log into your router and on the local area network page there’s generally a section to change the DNS settings of your router and you just put in the IP addresses that control D gives you.

You can also set it up on iOS and Android so that you are also protected when you leave your home network and are on the go on your cellular network.

As I said, along with Control-D, I also use U-Block Origin to catch anything that it might miss.

The other thing to do is use as many open source applications as you can possibly get away with.

source
- mic_check_one_two@lemmy.dbzer0.com ⁨10⁩ ⁨months⁩ ago
  Fair warning, using third-party DNS is a massive security issue; It basically allows that DNS provider to see all of the sites you’re visiting. Whenever possible, you should use a self-hosted DNS server like pi-hole.
  
  source
  - shortwavesurfer@lemmy.zip ⁨10⁩ ⁨months⁩ ago
    Thats true, i just didnt want to setup the reverse proxying for that. Also, its DoH ao my isp doesnt get my dns.
    
    source
  - Vanilla_PuddinFudge@infosec.pub ⁨10⁩ ⁨months⁩ ago
    Depends. Using some no-name dns server in Uzbekistan is likely not going to be easily reachable for your queries by your local government, if at all.
    
    Then again, most of you don’t have queries over encrypted protocols anyway, so it’s an open book regardless of who your third-party is.
    
    Best case if you’re a luddite, run a very highly recommended(by the fediverse) VPN, like windscribe or mullvad, and use their dns servers. Wireguard will encrypt the queries, and the vpn being supposedly trustworthy would put any cork in it otherwise.
    
    source