Comment on Samsung brings ads to US fridges
tetris11@lemmy.ml 9 hours ago
It’s not a huge issue, you need a DoH resolver now (e.g. your browser which has a secure connection to a secure DNS server) which cannot block <script> from requesting the ad, but can definitely block <script> from displaying it once the domain resolves.
Extra overhead though, agreed
wetbeardhairs@lemmy.dbzer0.com 9 hours ago
Wow really? I was under the impression that the SSL part would prevent the pihole from being able to spoof itself as a legitimate DNS
very_well_lost@lemmy.world 8 hours ago
Not to be pedantic, but a pihole is legitimate DNS. Being able to do your own DNS has always been a fundamental part of the Internet Protocol, and is used a lot in enterprise to handle name resolution for internal subnets and stuff like that.
wetbeardhairs@lemmy.dbzer0.com 8 hours ago
Being pedantic is totally OK here - we’re talking about SSL’s spoof protection. I’ll have to look up how any rando can host a DNS that supports DNS/HTTPS when a system would be expecting a valid SSL cert that declares who it was issued to and by whom and the requester is expecting a particular whom.
WhyJiffie@sh.itjust.works 3 hours ago
unbound, bind, or if you want a gui then technitium DNS.
but this thread is so, so full of misinfo. you don’t need a local doh capable DNS server at home. having one won’t solve anything either, because your advertising fridge won’t be using it. that’s the actual problem. you need to block any doh servers that the fridge might access (and regular DNS servers too), so that it doesn’t have a choice but to respect your pihole, but that is very difficult because doh traffic looks like regular web traffic (because it is). yeah the fridge does not need to load websites, but it does all its questionably useful functions through HTTPS APIs too, so if you want to give it internet, you can’t just block web traffic for it.
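The egress policy described in the comment above, sketched as an added example that is not part of the thread: it classifies a device's outbound flows and shows why HTTPS to an unlisted host cannot be separated from DoH by address and port alone. The LAN addresses, the flow records and the verdict names are constructed for illustration, and the resolver set is a small sample of well-known public resolvers, not a complete list.

```python
import ipaddress

PIHOLE = ipaddress.ip_address("192.168.1.2")   # assumed LAN address of the pihole
FRIDGE = "192.168.1.50"                        # assumed LAN address of the appliance

# Sample of public resolvers that also answer DoH on 443 (Cloudflare, Google, Quad9).
# Any HTTPS host can serve DoH, so a list like this is never complete.
KNOWN_DOH = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9", "149.112.112.112")}

def classify(dst, port):
    """Return the verdict a per-device egress rule set would give this flow."""
    dst = ipaddress.ip_address(dst)
    if dst == PIHOLE:
        return "allow"                 # the only resolver the device may use
    if port == 53:
        return "block-dns"             # plain DNS to an outside resolver
    if port == 853:
        return "block-dot"             # DNS over TLS has its own port, easy to drop
    if port == 443 and dst in KNOWN_DOH:
        return "block-doh"             # DoH to a resolver we happen to know about
    if port == 443:
        return "allow-unknown-https"   # vendor API or unlisted DoH: looks identical
    return "allow"

def audit(flows, device):
    """Classify every flow whose source is the given device."""
    return [(dst, port, classify(dst, port))
            for src, dst, proto, port in flows if src == device]

# Constructed flow records: (source, destination, protocol, destination port)
FLOWS = [
    (FRIDGE, "192.168.1.2", "udp", 53),     # query to the pihole
    (FRIDGE, "8.8.8.8", "udp", 53),         # hard-coded public resolver
    (FRIDGE, "1.1.1.1", "tcp", 853),        # DNS over TLS
    (FRIDGE, "9.9.9.9", "tcp", 443),        # DoH to a listed resolver
    (FRIDGE, "203.0.113.10", "tcp", 443),   # HTTPS to an unlisted host
    ("192.168.1.77", "8.8.8.8", "udp", 53), # different device, not audited
]

if __name__ == "__main__":
    for dst, port, verdict in audit(FLOWS, FRIDGE):
        print(f"{dst}:{port} -> {verdict}")
```

The last fridge flow is the case the comment calls very difficult: it gets through because nothing at this layer distinguishes a DoH query from an ordinary API request.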
FishFace@lemmy.world 8 hours ago
SSL operates after name resolution. It’s one way that information about your browsing habits is not protected by application-layer encryption; the domains you’re visiting are available to your DNS server.
frongt@lemmy.zip 5 hours ago
Unless you’re using DNS over TLS!
Or DNS over https, but that’s kind of gross.
Anivia@feddit.org 4 hours ago
No, you misunderstood the parent comment. Your connection to the DNS server being encrypted doesn’t change the fact that the DNS server knows the domains you are resolving