Comment on Beyond Pi-Hole
non_burglar@lemmy.world 2 days agoHard-coded DNS is in the application, you cannot change this from any dhcp option. Browsers do it, lots of versions of prime video apps do it. Google nest and home devices are famous for this.
You can write a NAT rewrite rule at your router to catch any UDP or TCP request on port 53 and send it to your ad-blocking DNS server/forwarder, but you won’t be able to stop DoH (DNS over https), which just leaves the subnet encrypted on 443.
q7mJI7tk1@lemmy.world 2 days ago
I was being too simplistic in my other reply. I was referring to basic router based DNS and NextDNS as the upstream resolver.
I don’t have an answer for hard coded DNS when it comes to NextDNS, which is essentially an upstream resolver with block lists functionality.
And to be honest, I misinterpreted OPs original question which was to take PiHole to the next level, whereas NextDNS is an alternative to.
I can run app based routing and blocking on my router, but whether that would restrict DNS for those services I don’t know.
Thanks for the clarification, you’ve got me wanting to pursue more DNS control now!
non_burglar@lemmy.world 2 days ago
That’s the double-edged sword of DNS over https. It allows us to hide our DNS queries from local ISP and others, but it also allows applications to hide theirs also. It just looks like encrypted web traffic to your router.