Do you use one or several providers ?

Do you use it at Browser, Device/OS, Router level ?

What’s your configuration ?

  • Darkassassin07@lemmy.caEnglish
    1·
    1 month ago

    Two piholes at home (redundancy). Those both translate all regular DNS requests to DoH using Cloudflared which rotate through 4 non-isp upstream DoH providers.

    The router is set to block all port 53 traffic from leaving the network and handout the 2 pihole IPs to dhcp clients for dns. If a LAN device wants regular dns, it MUST use the lan servers or it’ll get no response. (or it can use its own DoH setup and/or vpn out of the network). This enforces the ad/telemetry/malware blocking lists pihole uses without having to configure dns on everything.

    Those piholes also keep lists/records in sync using Gravity-Sync. Should I change ad lists or add/remove lan dns records, I don’t have to do it on both.

  • ssm@lemmy.sdf.org
    1·
    1 month ago

    /etc/unwind.conf

    block list "/var/db/unwind_blocklist"
forwarder { X.X.X.X port X DoT X.X.X.X port X DoT }
preference { DoT }

    unwind_blocklist is generated with this script I wrote:

    #!/bin/sh
# Blocklists for unwind(8)

blocklist=/var/db/unwind_blocklist
[ ! -f $blocklist ] && \
        (umask 117; touch $blocklist && chgrp _unwind $blocklist)

{
        ftp -V -o - \
            https://blocklistproject.github.io/Lists/alt-version/everything-nl.txt \
            http://winhelp2002.mvps.org/hosts.txt \
            http://sysctl.org/cameleon/hosts \
            https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt \
            https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt \
            https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt
        echo twitter.com
        echo www.twitter.com
        echo www.x.com
        echo x.com
        echo facebook.com
        echo www.facebook.com
} | awk -safe '
        !/^M|#|(^|\.)[[:blank:]]*$|^definitely_not_porn$/ {       
                if ($1 ~ /127\.0\.0\.1|0\.0\.0\.0/) {
                        $0 = $2
                }
                if ($0 ~ /[[:upper:]]/) {
                        print tolower($0)
                } else {
                        print $0
                }
        }
' | sort -u >$blocklist
rcctl restart unwind

    Regenerates occasionally with cron.

  • donkeystomple@lemmy.mlEnglish
    1·
    1 month ago

    I use NextDNS. I use it network wide on my home internet and also have it installed on all my devices.