Well DNS based blocking has its problems mainly devices bypassing your network defined DNS with some encrypted DNS(DoT,DoH) or using hardcoded custom DNS servers.

Abie Nathan/TheyThem
link
fedilink
4
edit-2
1Y

A. Device part of a business infrastructure:
Just don’t change anything; those policy are there for a reason!

B. Consumer device:
1/ If we’re talking about proprietary hardware/software forcing your network to use a specific DNS, then you need to provide more details because you should be able to change it.

2/ There is also the case for a malware:
A fresh start is preferable.
Disinfect the system while offline, then back up the needed files.
Reinstall the system on a new/old formatted drive.
With the exception of taking your privacy/security seriously this time.

Sounds like you shouldn’t use those devices. I go for custom software personally so I can control the device itself

You are able to force devices to use a specified DNS. even when they have hard coded DNS in them. Your router/firewall must be able to support redirection of network traffic though.

This probably won’t work if the hard coded DNS is DNS over HTTPS

Vexz
link
fedilink
3
edit-2
1Y

Yes but I think only very few applications use a hard coded DNS server. And under all those applications who use a hard coded DNS server is probably a very low percentage that uses encrypted DNS.

Turun
link
fedilink
21Y

Or just a hardcoded IP, lol

Vexz
link
fedilink
51Y

A hard coded IP would mean it’s unencrypted DNS which can be force-redirected to your router with NAT rules.

Turun
link
fedilink
21Y

True, don’t know how I missed that.

You need to use an IP address (as opposed to FQDN) for DNS because when your computer starts up, it won’t be able to resolve the FQDN to do DNS lookups.

Cloudflare DNS over TLS famously is using the IP address of 1.1.1.1: https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-tls/

Vexz
link
fedilink
11Y

My computer uses unencrypted DNS and sends the queries to my router. My router does the encryption for forwarded DNS queries sent to the internet. There’s no need to encrypt DNS traffic in a LAN unless you don’t trust this LAN. The WAN (internet) is where evil people try to snoop on you.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 2.97K Posts
  • 74.6K Comments
  • Modlog