Alphane Moon@lemmy.world to Technology@lemmy.worldEnglish · 2 months agoAn ad giant wants to control your next TV’s OSarstechnica.comexternal-linkmessage-square110fedilinkarrow-up1294arrow-down11cross-posted to: news@lemmy.linuxuserspace.showtechnology@lemmy.ziplinux_lugcast@lemux.minnix.devhardware@lemmy.worldarstechnica_index@rss.ponder.cat
arrow-up1293arrow-down1external-linkAn ad giant wants to control your next TV’s OSarstechnica.comAlphane Moon@lemmy.world to Technology@lemmy.worldEnglish · 2 months agomessage-square110fedilinkcross-posted to: news@lemmy.linuxuserspace.showtechnology@lemmy.ziplinux_lugcast@lemux.minnix.devhardware@lemmy.worldarstechnica_index@rss.ponder.cat
minus-squareSaik0@lemmy.saik0.comlinkfedilinkEnglisharrow-up27arrow-down1·edit-22 months agoBlock all port 53 traffic from your network outside of your DNS server/pihole itself. Block all known DoH servers. If you want to get REALLY fancy you can write a NAT rule that will force any outgoing request on port 53 to route to your dns/pihole. I do all of this. It’s actually funny to see the requests that were hardcoded to go somewhere. Giant fuck you to those companies.
minus-squareSaik0@lemmy.saik0.comlinkfedilinkEnglisharrow-up3arrow-down1·2 months agoYes. But there are lists of well known IPs that are serving DoH. So you can just block those. Obviously blocking 443 is not a good idea.
minus-squareGounlinkfedilinkEnglisharrow-up1·2 months agoDamn, never digged into that I thought blocking the DNS port would be enough, thanks for the information.
Block all port 53 traffic from your network outside of your DNS server/pihole itself.
Block all known DoH servers.
If you want to get REALLY fancy you can write a NAT rule that will force any outgoing request on port 53 to route to your dns/pihole.
I do all of this. It’s actually funny to see the requests that were hardcoded to go somewhere. Giant fuck you to those companies.
Do DoH requests go though 443?
Yes. But there are lists of well known IPs that are serving DoH. So you can just block those. Obviously blocking 443 is not a good idea.
Damn, never digged into that I thought blocking the DNS port would be enough, thanks for the information.