I always have issues with dns blocking so I tried something sneaky I redirected all DNS requests to 1.1.1.1/1.0.0.1 and it worked brilliantly, for about a month when it stopped working all together, I don’t know if a cache was wiped or google saw what I was doing and made a special exception just for me, obviously I want to believe I’m a special snowflake taking the world’s largest internet company head on in an epic battle of wits and skill but I think the cache thing might be more likely for some reason.
What a shower of twats. Don’t block the request in that case, just redirect it to your local server that returns a 1x1 transparent png for all requests.
I set up my firewall to block all outgoing traffic to ports 53 and 853 (except for the upstream traffic from my pihole). I suppose DoH could still sneak through though.
I wouldn’t mind doing it. I run my own DNS so it wouldn’t affect me, but I figure if they’re already trying 8.8.8.8 they may as well try 8.8.4.4 and perhaps more, so it’d require a bunch of firewall rules.
Now, all of that is moot point cause I hate the whole “smart TV” thing, so they’d never be connected to the internet.
FYI for those using DNS-based adblocking: I discovered that my AndroidTV box asks 8.8.8.8 when my local DNS server blocks a request.
I always have issues with dns blocking so I tried something sneaky I redirected all DNS requests to 1.1.1.1/1.0.0.1 and it worked brilliantly, for about a month when it stopped working all together, I don’t know if a cache was wiped or google saw what I was doing and made a special exception just for me, obviously I want to believe I’m a special snowflake taking the world’s largest internet company head on in an epic battle of wits and skill but I think the cache thing might be more likely for some reason.
You mean redirecting on your router? How should google stop you from doing that? And why would you redirect to cloudflare lol
Depending on your router you can forward all request on port 53 to your DNS server regardless of the IP they try to use.
Block all port 53 traffic from your network outside of your DNS server/pihole itself.
Block all known DoH servers.
If you want to get REALLY fancy you can write a NAT rule that will force any outgoing request on port 53 to route to your dns/pihole.
I do all of this. It’s actually funny to see the requests that were hardcoded to go somewhere. Giant fuck you to those companies.
Do DoH requests go though 443?
Yes. But there are lists of well known IPs that are serving DoH. So you can just block those. Obviously blocking 443 is not a good idea.
What a shower of twats. Don’t block the request in that case, just redirect it to your local server that returns a 1x1 transparent png for all requests.
I connected an old laptop with linux mint and put the TV always in HDMI mode. Problem solved.
Only if you mean the tv has no web access
https://www.newscientist.com/article/2449198-smart-tvs-take-snapshots-of-what-you-watch-multiple-times-per-second/
Dang, so you’d have to block Google’s DNS at the router level too?
I set up my firewall to block all outgoing traffic to ports 53 and 853 (except for the upstream traffic from my pihole). I suppose DoH could still sneak through though.
I wouldn’t mind doing it. I run my own DNS so it wouldn’t affect me, but I figure if they’re already trying 8.8.8.8 they may as well try 8.8.4.4 and perhaps more, so it’d require a bunch of firewall rules.
Now, all of that is moot point cause I hate the whole “smart TV” thing, so they’d never be connected to the internet.
Right. It’s probably easier to give it a whitelist instead of a blocklist.