SSL operates after name resolution. It’s one way that information about your browsing habits is not protected by application-layer encryption; the domains you’re visiting are available to your DNS server.
Comment on Samsung brings ads to US fridges
wetbeardhairs@lemmy.dbzer0.com 7 hours agoWow really? I was under the impression that the SSL part would prevent the pihole from being able to spoof itself as a legitimate DNS
FishFace@lemmy.world 6 hours ago
frongt@lemmy.zip 3 hours ago
Unless you’re using DNS over TLS!
Or DNS over https, but that’s kind of gross.
Anivia@feddit.org 2 hours ago
No, you misunderstood the parent comment. Your connection to the DNS server being encrypted doesn’t change the fact that the DNS server knows the domains you are resolving
very_well_lost@lemmy.world 7 hours ago
Not to be pedantic, but a pihole is legitimate DNS. Being able to do your own DNS has always been a fundamental part of the Internet Protocol, and is used a lot in enterprise to handle name resolution for internal subnets and stuff like that.
wetbeardhairs@lemmy.dbzer0.com 6 hours ago
Being pedantic is totally OK here - we’re talking about SSL’s spoof protection. I’ll have to look up how any rando can host a DNS that supports DNS/HTTPS when a system would be expecting a valid SSL cert that declares who it was issued to and by whom and the requester is expecting a particular whom.
WhyJiffie@sh.itjust.works 1 hour ago
unbound, bind, or if you want a gui then technitium DNS.
but this thread is so, so full of misinfo. you don’t need a local doh capable DNS server at home. having one won’t solve anything either, because your advertising fridge won’t be using it. that’s the actual problem. you need to block any doh servers that the fridge might access (and regular DNS servers too), so that it doesn’t have a choice but respect your pihole, but that is very difficult because doh traffic looks like regular web traffic (because it is). yeah the fridge does not need to load websites, but it does all its questionably useful functions through HTTPS APIs too, so if you want to give it internet, you can’t just block web traffic for it.
TipRing@lemmy.world 7 minutes ago
I had a spirited discussion with an LG repair guy working on the smart fridge that cane with my home. I don’t allow malware on my network so the fridge doesn’t get to do whatever a fridge needs internet access for.
He tried to scare me by saying ittbwould connect to whatever network was available but I live in the sticks and there isn’t even cell coverage here much less another router for it to connect to so unless they are putting a satellite uplink in it that would not happen and I would think he knew that since I had to put him on my guestnet so he could call his support line.
So then he said it wouldn’t work properly unless it was on the network and I told him if it somehow connected I would use an ACL to ensure it couldn’t talk to anything.
Anyway, bought a cheap fridge from CostCo with an extended warranty and they dumpstered that LG POS. Good riddance.